fomantic-ui@2.6.4 vulnerabilities

Fomantic empowers designers and developers by creating a shared vocabulary for UI.

  • latest version

    2.9.3

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    1 year ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the fomantic-ui package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Cross-site Scripting (XSS)

    fomantic-ui is a community fork of the popular Semantic-UI framework.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Because user additions to the selection dropdown and search response values are not output-encoded, user input can be executed as JavaScript instead of being rendered as plain text. The cause is that the preserveHTML setting does not escape HTML input when the allowAdditions property is set to true.

    The remediation for this vulnerability has been applied to fomantic-ui, a community fork of the popular Semantic-UI framework.

    How to fix Cross-site Scripting (XSS)?

    Upgrade fomantic-ui to version 2.7.0 or higher.

    <2.7.0
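
The missing output encoding described above, shown as an added sketch that is not fomantic-ui source code: every function name here is hypothetical, the inputs are constructed, and treating preserveHTML as applying only to developer-written markup is an assumption of this sketch. It puts the unencoded rendering of a user addition beside an encoded one and applies the same encoding to search response values.

```javascript
// Added illustration, not fomantic-ui source code. All function names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can break out of element content or a quoted attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: with preserveHTML enabled, the typed value reaches the markup raw.
function renderAdditionVulnerable(term, settings) {
  const out = settings.preserveHTML ? term : escapeHtml(term);
  return `<div class="addition item" data-value="${out}">Add <b>${out}</b></div>`;
}

// Hardened pattern (assumption of this sketch): a user-typed addition is always text,
// so it is encoded in both the attribute and the label, whatever preserveHTML says.
function renderAdditionHardened(term) {
  const safe = escapeHtml(term);
  return `<div class="addition item" data-value="${safe}">Add <b>${safe}</b></div>`;
}

// Search response values come from a remote endpoint and get the same treatment.
function renderSearchResults(results) {
  return results
    .map((r) => `<div class="item" data-value="${escapeHtml(r.value)}">${escapeHtml(r.name)}</div>`)
    .join('');
}

// Constructed sample inputs.
const SAMPLE_TYPED = '<img src=x onerror="alert(1)">';
const SAMPLE_RESPONSE = [{ name: 'Tom & "Jerry" <script>', value: 'tj' }];

console.log(renderAdditionVulnerable(SAMPLE_TYPED, { preserveHTML: true }));
console.log(renderAdditionHardened(SAMPLE_TYPED));
console.log(renderSearchResults(SAMPLE_RESPONSE));
```

In the hardened output the typed markup appears only as entity-encoded text, so the browser displays it instead of parsing it as an element.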