CVE-2021-32860

Name of the Vulnerable Software and Affected Versions iziModal versions prior to 1.6.1

Description The issue arises when handling untrusted modal titles, allowing an attacker to influence the title field and supply arbitrary html or javascript code. This code will be rendered in the context of a user, potentially leading to cross-site scripting (XSS).

Recommendations For versions prior to 1.6.1, update to version 1.6.1 to resolve the issue. As a temporary workaround, consider restricting the ability to influence the title field when creating an iziModal instance to minimize the risk of exploitation.