Fluid Attacks Database

Description

Cross-site Scripting in lightning-server This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
npm	lightning-server	>=0 <=1.3.0

Aliases

1. CVE-2020-77472. NVD-2020-77473. OSV-2020-77474. GCVE-2020-7747

References

1. https://github.com/lightning-viz/lightning/blob/master/app/controllers/session.js%23L230