CVE-2018-20302

Name of the Vulnerable Software and Affected Versions Steve Pallen Xain versions prior to 0.6.2

Description A cross-site scripting (XSS) issue was discovered, allowing for potential exploitation via the order parameter in a query. An example of a malicious request could be made to the API endpoint "http://host/ressources?order=%27>", demonstrating the vulnerability.

Recommendations For versions prior to 0.6.2, update to version 0.6.2 or later to resolve the issue. As a temporary workaround, consider restricting or sanitizing user input for the order parameter to minimize the risk of exploitation.