Homepage

uikit@2.27.4 vulnerabilities

UIkit is a lightweight and modular front-end framework for developing fast and powerful web interfaces.

  • latest version

    3.23.11

  • first published

    10 years ago

  • latest version published

    8 days ago

  • licenses detected

  • View uikit package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the uikit package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the data-caption attribute due to insufficient input sanitisation and output escaping. An attacker can execute arbitrary web scripts in the context of another user by injecting malicious content as a user with Contributor-level access or higher.

    Note:

    The underlying 'uikit' package behavior is exposed by other packages such as 'Element Pack Addons' for Elementor plugin for WordPress. 'Element Pack Addons' has mitigated the issue in version 8.1.0.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for uikit.

    >=2.18.0
    Go back to all versions of this package