baremetrics-calendar@1.0.14 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the baremetrics-calendar package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Cross-site Scripting (XSS) (severity: M)

baremetrics-calendar is a package from Baremetrics, which provides zero-setup subscription analytics & insights for Stripe, Braintree and Recurly.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when handling untrusted placeholder entries. An attacker who can influence the `placeholder` field when a Calendar instance is created can supply arbitrary HTML or JavaScript that will be rendered in the context of a user.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for baremetrics-calendar.
