hackerone·CWE-80·Published 2018-06-04
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not properly escape HTML. This means that if the application did not sanitize HTML on behalf of forms, use of forms may be vulnerable to cross-site scripting (XSS).
Affected versions of `forms` do not properly escape HTML in generated forms, which may result in cross-site scripting.

## Recommendation

Update to version 1.3.0 or later.
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| 3.0 | Primary | NVD | 6.1 | 2.8 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| 3.1 | Secondary | GHSA | 6.1 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |