CVE-2016-1000235 — fuelux vulnerable to Cross-Site Scripting in Pillbox feature

Description

Affected versions of `fuelux` contain a cross-site scripting vulnerability in the Pillbox feature. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution. ## Recommendation Update to version 3.15.7 or later.

How to fix CVE-2016-1000235

To remediate CVE-2016-1000235, upgrade the affected package to a fixed version below.

npm/fuelux—upgrade to 3.15.7 or later

Is CVE-2016-1000235 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2016-1000235.

Affected packages (1)

from 0, < 3.15.7

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-1000235
PATCHgithub.com/ExactTarget/fuelux
WEBgithub.com/ExactTarget/fuelux/issues/1841
WEBgithub.com/ExactTarget/fuelux/pull/1856
WEBwww.npmjs.com/advisories/133