Description
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-1081 | This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller. |
Github GHSA |
GHSA-gmch-cm2p-9qw9 | Cross-site Scripting in lightning-server |
References
History
No history.
Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2024-09-16T16:42:28.588Z
Reserved: 2020-01-21T00:00:00.000Z
Link: CVE-2020-7747
No data.
Status : Modified
Published: 2020-10-20T11:15:12.487
Modified: 2026-06-17T03:25:22.433
Link: CVE-2020-7747
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD
Github GHSA