semantic-ui@1.5.0 vulnerabilities

Semantic empowers designers and developers by creating a shared vocabulary for UI.

latest version

2.5.0
first published

10 years ago
latest version published

2 years ago
licenses detected
- MIT
  >=0
View semantic-ui package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the semantic-ui package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) semantic-ui is an UI framework designed for theming. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Lack of output encoding on the selection dropdown user additions and search response values can lead to user input being executed as JavaScript instead of plaintext. This is due to the `preserveHTML` element setting not escaping HTML input when `allowAdditions` property is set to the value `true` The remediation to this vulnerability has applied to fomantic-u, a community fork of the popular Semantic-UI framework. How to fix Cross-site Scripting (XSS)? There is no fixed version for `semantic-ui`.	*
M Cross-site Scripting (XSS) `semantic-ui` empowers designers and developers by creating a shared vocabulary for UI..] Affected versions of the package are vulnerable to Cross-site Scripting (XSS). When using a dropdown and allowing users to type their own additions to a multi select, the user can escape outside of the selector and can be used in XSS attacks. How to fix Cross-site Scripting (XSS)? Upgrade to `semantic-ui` version 2.2.8 or newer.	<2.2.8

Cross-site Scripting (XSS)

semantic-ui is an UI framework designed for theming.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Lack of output encoding on the selection dropdown user additions and search response values can lead to user input being executed as JavaScript instead of plaintext. This is due to the preserveHTML element setting not escaping HTML input when allowAdditions property is set to the value true

The remediation to this vulnerability has applied to fomantic-u, a community fork of the popular Semantic-UI framework.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for semantic-ui.

Cross-site Scripting (XSS)

semantic-ui empowers designers and developers by creating a shared vocabulary for UI..]

Affected versions of the package are vulnerable to Cross-site Scripting (XSS). When using a dropdown and allowing users to type their own additions to a multi select, the user can escape outside of the selector and can be used in XSS attacks.

How to fix Cross-site Scripting (XSS)?

Upgrade to semantic-ui version 2.2.8 or newer.

<2.2.8

Go back to all versions of this package

semantic-ui@1.5.0 vulnerabilities

Semantic empowers designers and developers by creating a shared vocabulary for UI.

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities