High severityGHSA Advisory· Published Sep 1, 2020· Updated Sep 23, 2021
DOM-based XSS in gmail-js
CVE-2016-1000228
Description
Affected versions of gmail-js are vulnerable to cross-site scripting in the tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post functions, which pass user input directly into the Function constructor.
Recommendation
Update to version 0.6.5 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gmail-jsnpm | < 0.6.5 | 0.6.5 |
Affected products
2- Range: <= 0.6.4
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.