Geckoboard · Status Board · CVE-2019-15478
**Name of the Vulnerable Software and Affected Versions**
Status Board version 1.1.81
status-board, all versions
**Description**
The issue is a Cross-Site Scripting (XSS) vulnerability. The `renderJsDashboard()` function does not sufficiently sanitize the `safeDashboard` variable. If this variable is controlled by user input, an attacker may be able to execute arbitrary JavaScript in a victim's browser.
**Recommendations**
For Status Board version 1.1.81, consider disabling the `renderJsDashboard()` function until a patch is available.
For all versions of status-board, consider using an alternative package until a fix is made available.