uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the data-caption attribute due to insufficient input sanitisation and output escaping. An attacker can execute arbitrary web scripts in the context of another user by injecting malicious content as a user with Contributor-level access or higher.

Note:

The underlying 'uikit' package behavior is exposed by other packages such as 'Element Pack Addons' for Elementor plugin for WordPress. 'Element Pack Addons' has mitigated the issue in version 8.1.0.

Pillow is a PIL (Python Imaging Library) fork.

Affected versions of this package are vulnerable to Out-of-Bounds. Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

org.webjars.bowergithub.uikit:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the data-caption attribute due to insufficient input sanitisation and output escaping. An attacker can execute arbitrary web scripts in the context of another user by injecting malicious content as a user with Contributor-level access or higher.

Note:

The underlying 'uikit' package behavior is exposed by other packages such as 'Element Pack Addons' for Elementor plugin for WordPress. 'Element Pack Addons' has mitigated the issue in version 8.1.0.