Description
A cross-site scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).
Remediation
References
https://github.com/smartystreets-archives
https://jsfiddle.net/smartystreets/Lx2dbsaa/
https://www.guidepointsecurity.com/liveaddressplugin-js-vulnerability-disclosure/
Related Vulnerabilities
CVE-2019-19771 Vulnerability in npm package hw-trnasport-u2f
CVE-2017-16113 Vulnerability in maven package org.webjars.npm:parsejson
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:jasper
CVE-2022-36046 Vulnerability in npm package next
CVE-2018-12541 Vulnerability in maven package io.vertx:vertx-core