foundation-sites@5.5.3 vulnerabilities

The most advanced responsive front-end framework in the world.

latest version

6.9.0
first published

10 years ago
latest version published

a month ago
licenses detected
- MIT
  >=0
View foundation-sites package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the foundation-sites package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) foundation-sites is a responsive front-end framework Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms. How to fix Regular Expression Denial of Service (ReDoS)? There is no fixed version for `foundation-sites`.	*
M Cross-site Scripting (XSS) `foundation-sites` is an advanced responsive front-end framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks due to an insufficient fix to npm:foundation-sites:20150619 Thanks to Nathaniel Paulus for disclosing this vulnerability! Although `innerHTML` does not make script tags executable, script tags are not the only way to run arbitrary code. This vulnerability was introduced in a deliberate attempt to allow HTML in captions. The file was subsequently deleted when version 6 was merged into the develop branch in 1e08494bb2118c9786ffc33c28158311cd542bcb. Confirmation of its removal (as well as plans to re-add it) can be found in issue 7759 How to fix Cross-site Scripting (XSS)? Upgrade `foundation-sites` to version 6.0.0 or higher.	<6.0.0

Regular Expression Denial of Service (ReDoS)

foundation-sites is a responsive front-end framework

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms.

How to fix Regular Expression Denial of Service (ReDoS)?

There is no fixed version for foundation-sites.

Cross-site Scripting (XSS)

foundation-sites is an advanced responsive front-end framework.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks due to an insufficient fix to npm:foundation-sites:20150619

Thanks to Nathaniel Paulus for disclosing this vulnerability!

Although innerHTML does not make script tags executable, script tags are not the only way to run arbitrary code.

This vulnerability was introduced in a deliberate attempt to allow HTML in captions. The file was subsequently deleted when version 6 was merged into the develop branch in 1e08494bb2118c9786ffc33c28158311cd542bcb. Confirmation of its removal (as well as plans to re-add it) can be found in issue 7759

How to fix Cross-site Scripting (XSS)?

Upgrade foundation-sites to version 6.0.0 or higher.

<6.0.0

Go back to all versions of this package

foundation-sites@5.5.3 vulnerabilities

The most advanced responsive front-end framework in the world.

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities