Description
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution.
Remediation
References
https://snyk.io/vuln/SNYK-JS-CDMESSENGER-571493
Related Vulnerabilities
CVE-2022-39353 Vulnerability in npm package @xmldom/xmldom
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http2:http2-hpack
CVE-2020-10758 Vulnerability in maven package org.keycloak:keycloak-wildfly-server-subsystem
CVE-2023-49372 Vulnerability in maven package com.jfinal:jfinal
CVE-2021-22096 Vulnerability in maven package org.springframework:spring-core