Vulnerability	Vulnerable Version
M Prototype Pollution hellojs is a Javascript RESTFUL API library for connecting with OAuth2 services. Affected versions of this package are vulnerable to Prototype Pollution via the `hello.utils.extend` function due to improper input sanitization. How to fix Prototype Pollution? Upgrade `hellojs` to version 1.18.8 or higher.	<1.18.8
C Cross-site Scripting (XSS) hellojs is a Javascript RESTFUL API library for connecting with OAuth2 services. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The code gets the param `oauth_redirect` from url and passes it to `location.assign` without any sanitisation. So an attack can pass `js` payloads into the url param `oauth_redirect`, such as `javascript:alert(1)`. How to fix Cross-site Scripting (XSS)? Upgrade `hellojs` to version 1.18.6 or higher.	<1.18.6
M Cross-site Scripting (XSS) hellojs is a Javascript RESTFUL API library for connecting with OAuth2 services. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `state.page_uri` query parameter. How to fix Cross-site Scripting (XSS)? Upgrade `hellojs` to version 1.18.2 or higher.	<1.18.2

Go back to all versions of this package