ids-enterprise@4.16.0-dev.20190204 vulnerabilities

Infor Design System (IDS) Enterprise Components for the web

latest version

4.101.0
latest non vulnerable version

4.101.0
first published

7 years ago
latest version published

18 days ago
licenses detected
- Apache-2.0
  >=0
View ids-enterprise package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the ids-enterprise package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) ids-enterprise is a framework-independent UI library consisting of CSS and JS that provides product development teams, partners, and customers the tools to create user experiences that are approachable, focused, relevant, perceptive. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Script tags inside dropdown options are executed when removing search text using backspace, resulting in execution of JavaScript. How to fix Cross-site Scripting (XSS)? Upgrade `ids-enterprise` to version 4.23.0-dev.20191105 or higher.	<4.23.0-dev.20191105
M Cross-site Scripting (XSS) ids-enterprise is a framework-independent UI library consisting of CSS and JS that provides product development teams, partners, and customers the tools to create user experiences that are approachable, focused, relevant, perceptive. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The title and title example value of a modal was found to be unescaped, allowing insertion of JavaScript which is not sanitized. How to fix Cross-site Scripting (XSS)? Upgrade `ids-enterprise` to version 4.22.0-beta.0 or higher.	<4.22.0-beta.0
M Cross-site Scripting (XSS) ids-enterprise is a framework-independent UI library consisting of CSS and JS that provides product development teams, partners, and customers the tools to create user experiences that are approachable, focused, relevant, perceptive. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The `soho-dropdown` component does not properly encode its output and may allow attackers to execute arbitrary JavaScript. How to fix Cross-site Scripting (XSS)? Upgrade `ids-enterprise` to version 4.18.2 or higher.	<4.18.2
M Cross-site Scripting (XSS) ids-enterprise is a framework-independent UI library consisting of CSS and JS that provides product development teams, partners, and customers the tools to create user experiences that are approachable, focused, relevant, perceptive. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The `modal` component fails to sanitize input to the `title` attribute, which may allow attackers to execute arbitrary JavaScript. How to fix Cross-site Scripting (XSS)? Upgrade `ids-enterprise` to version 4.18.2 or higher.	<4.18.2
M Cross-site Scripting (XSS) ids-enterprise is a framework-independent UI library consisting of CSS and JS that provides product development teams, partners, and customers the tools to create user experiences that are approachable, focused, relevant, perceptive. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). JavaScript inserted within `soho-autocomplete` and `soho-dropdown` attributes are returned without proper output encoding resulting in XSS. How to fix Cross-site Scripting (XSS)? Upgrade `ids-enterprise` to version 4.18.2 or higher.	<4.18.2

Go back to all versions of this package

ids-enterprise@4.16.0-dev.20190204 vulnerabilities

Infor Design System (IDS) Enterprise Components for the web

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities