Description
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.
Remediation
References
https://devhub.checkmarx.com/cve-details/CVE-2023-46495/
https://devhub.checkmarx.com/cve-details/Cxbc6d4599-c1bd/
Related Vulnerabilities
CVE-2017-7957 Vulnerability in maven package xstream:xstream
CVE-2020-2204 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader
CVE-2021-41183 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2015-5170 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login
CVE-2019-0222 Vulnerability in maven package org.fusesource.mqtt-client:mqtt-client