CVE-2020-28487
on github
Published
Severity
CVSS v3:
6.8 MEDIUM
CVSS v2:
6 MEDIUM
Description
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:visjs:vis-timeline:*:*:*:*:*:node.js:*:* | n/a | 7.4.4 | * |