CVE-2022-1330

Name of the Vulnerable Software and Affected Versions fullpage.js versions prior to 4.0.4

Description The issue is related to a stored XSS due to an unsanitized anchor URL. When creating an anchor tag using fullpage.js and adding an href attribute, the URL is not properly sanitized. This allows for a break in the context of the anchor element, enabling the addition of new elements.

Recommendations For versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the use of unsanitized URLs in anchor tags until a patch is applied. Restrict access to the href attribute in the affected anchor elements to minimize the risk of exploitation. Avoid using the href attribute in the affected API endpoint until the issue is resolved.