CVE-2022-4942

Name of the Vulnerable Software and Affected Versions mportuga eslint-detailed-reporter versions up to 0.9.0

Description A vulnerability was found in the function renderIssue in the library lib/template-generator.js, which can lead to cross-site scripting when the message argument is manipulated. The attack may be launched remotely.

Recommendations For mportuga eslint-detailed-reporter versions up to 0.9.0, apply a patch to fix this issue. As a temporary workaround, consider restricting the use of the renderIssue function in the lib/template-generator.js library until a patch is available. Avoid manipulating the message argument in the affected function to minimize the risk of exploitation.