Description
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL
Remediation
References
https://github.com/vaadin/vaadin-menu-bar/pull/126
https://vaadin.com/security/cve-2021-33611
Related Vulnerabilities
CVE-2022-24999 Vulnerability in maven package org.webjars:qs
CVE-2021-41117 Vulnerability in npm package keypair
CVE-2019-10795 Vulnerability in maven package org.webjars.npm:undefsafe
CVE-2022-36914 Vulnerability in maven package org.jenkins-ci.plugins:files-found-trigger
CVE-2020-24855 Vulnerability in npm package @easy-team/easywebpack-cli