PT-2020-7936 · Gmail-Js · Gmail-Js

Published

2020-09-01

Updated

2020-09-01

CVE-2016-1000228

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions: gmail-js versions prior to 0.6.5

Description: The issue concerns cross-site scripting in certain functions, specifically tools.parse response, helper.get.visible emails post, and helper.get.email data post, which directly pass user input into the Function constructor.

Recommendations: Update to version 0.6.5 or later.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2016-1000228

GHSA-C7PP-G2V2-2766

Affected Products

Gmail-Js

PT-2020-7936 · Gmail-Js · Gmail-Js

CVE-2016-1000228

Weakness Enumeration

Related Identifiers

Affected Products

References · 6