CVE-2018-1000855: Cross-site Scripting

December 20, 2018 (updated October 30, 2019)

The package easymon contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. This can be used to steal cookies, depending on the cookie settings. The victim must click on a crafted URL that contains the XSS payload.

References

nvd.nist.gov/vuln/detail/CVE-2018-1000855

Code Behaviors & Features

Detect and mitigate CVE-2018-1000855 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →