GMS-2020-722: Cross-Site Scripting in fuelux

September 1, 2020 (updated September 23, 2021)

Affected versions of fuelux contain a cross-site scripting vulnerability in the Pillbox feature. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution.

Recommendation

Update to version 3.15.7 or later.

References

github.com/ExactTarget/fuelux/issues/1841
github.com/ExactTarget/fuelux/pull/1856
github.com/advisories/GHSA-fwcw-5qw2-87mp
nvd.nist.gov/vuln/detail/CVE-2016-1000235
www.npmjs.com/advisories/133

Code Behaviors & Features

Detect and mitigate GMS-2020-722 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →