@typebot.io/js 0.0.32

Direct Vulnerabilities

Known vulnerabilities in the @typebot.io/js package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) @typebot.io/js is a Javascript library to display typebots on your website Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the `RatingButton` component when unsanitized SVG or HTML is rendered via the `innerHTML` directive. An attacker can gain access to session cookies and authentication tokens, modify workspace settings, or escalate privileges by crafting a malicious bot template or leveraging collaborator access to inject arbitrary HTML/SVG, which executes in the builder's DOM context when previewed by a victim user. How to fix Cross-site Scripting (XSS)? Upgrade `@typebot.io/js` to version 0.10.1 or higher.	<0.10.1
M Cross-site Scripting (XSS) @typebot.io/js is a Javascript library to display typebots on your website Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `href` attribute in anchor tags rendered from user-controlled content. An attacker can execute arbitrary JavaScript in the context of the embedding site by crafting a link with a `javascript:` URI, potentially allowing theft of cookies, session tokens, or other sensitive data accessible to the page. How to fix Cross-site Scripting (XSS)? Upgrade `@typebot.io/js` to version 0.10.1 or higher.	<0.10.1
M Cross-site Scripting (XSS) @typebot.io/js is a Javascript library to display typebots on your website Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the imported bot preview. An attacker can access sensitive credentials belonging to other users by tricking a victim into previewing a malicious typebot, which executes in the victim's browser and exfiltrates stored API keys, tokens, and passwords through `getCredentials` API. How to fix Cross-site Scripting (XSS)? Upgrade `@typebot.io/js` to version 0.9.15 or higher.	<0.9.15

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

@typebot.io/js is a Javascript library to display typebots on your website

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the RatingButton component when unsanitized SVG or HTML is rendered via the innerHTML directive. An attacker can gain access to session cookies and authentication tokens, modify workspace settings, or escalate privileges by crafting a malicious bot template or leveraging collaborator access to inject arbitrary HTML/SVG, which executes in the builder's DOM context when previewed by a victim user.

How to fix Cross-site Scripting (XSS)?

Upgrade @typebot.io/js to version 0.10.1 or higher.

<0.10.1

Cross-site Scripting (XSS)

@typebot.io/js is a Javascript library to display typebots on your website

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the href attribute in anchor tags rendered from user-controlled content. An attacker can execute arbitrary JavaScript in the context of the embedding site by crafting a link with a javascript: URI, potentially allowing theft of cookies, session tokens, or other sensitive data accessible to the page.

How to fix Cross-site Scripting (XSS)?

Upgrade @typebot.io/js to version 0.10.1 or higher.

<0.10.1

Cross-site Scripting (XSS)

@typebot.io/js is a Javascript library to display typebots on your website

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the imported bot preview. An attacker can access sensitive credentials belonging to other users by tricking a victim into previewing a malicious typebot, which executes in the victim's browser and exfiltrates stored API keys, tokens, and passwords through getCredentials API.

How to fix Cross-site Scripting (XSS)?

Upgrade @typebot.io/js to version 0.9.15 or higher.

<0.9.15

@typebot.io/js@0.0.32

Javascript library to display typebots on your website

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically