semantic-ui-search@1.10.1 vulnerabilities

Single component release of search

Direct Vulnerabilities

Known vulnerabilities in the semantic-ui-search package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Cross-site Scripting (XSS)

semantic-ui-search is a pre-compiled search files using the default themes. This is intended for use in projects that do not need all the bells and whistles of Semantic UI, and want to keep file size to a minimum.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Lack of output encoding on the selection dropdown user additions and search response values can lead to user input being executed as JavaScript instead of plaintext. This is due to the preserveHTML element setting not escaping HTML input when allowAdditions property is set to the value true

The remediation to this vulnerability has applied to fomantic-u, a community fork of the popular Semantic-UI framework.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for semantic-ui-search.

*