High severity · GHSA Advisory · Published Sep 1, 2020 · Updated Sep 23, 2021

DOM-based XSS in gmail-js

CVE-2016-1000228

Description

Affected versions of gmail-js are vulnerable to cross-site scripting in the tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post functions, which pass user input directly into the Function constructor.

Recommendation

Update to version 0.6.5 or later.
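The pattern named in the description, shown as an added example that is not code from gmail-js or from this advisory: a parser that builds a function from response text, next to one that accepts data only. The function names, the sample inputs and the use of JSON.parse as the replacement are assumptions made for illustration.

```javascript
// Added example: function names and sample inputs are constructed,
// not taken from gmail-js.

// Vulnerable pattern: the response text becomes the body of a new function,
// so any expression inside it is evaluated, not just data literals.
function parseResponseUnsafe(text) {
  return new Function('return ' + text)();
}

// Hardened pattern (assumed replacement): JSON.parse accepts data only and
// throws on anything else. The shape check rejects valid JSON that is not
// the expected array.
function parseResponseSafe(text) {
  let value;
  try {
    value = JSON.parse(text);
  } catch (err) {
    return { ok: false, reason: 'not valid JSON' };
  }
  if (!Array.isArray(value)) {
    return { ok: false, reason: 'unexpected shape' };
  }
  return { ok: true, value };
}

// Runs one parser on one input and reports whether the input caused code to run.
function probe(parser, text) {
  globalThis.__evaluated = false;
  let result;
  try { result = parser(text); } catch (err) { result = { ok: false, reason: 'threw' }; }
  const executed = globalThis.__evaluated === true;
  delete globalThis.__evaluated;
  return { executed, result };
}

// Constructed inputs: a plain data array, and one carrying a harmless marker expression.
const BENIGN = '["msg-1","Hello",42]';
const TAINTED = '["msg-1",(globalThis.__evaluated = true),42]';

function demo() {
  return {
    unsafeBenign: probe(parseResponseUnsafe, BENIGN),
    unsafeTainted: probe(parseResponseUnsafe, TAINTED),
    safeBenign: probe(parseResponseSafe, BENIGN),
    safeTainted: probe(parseResponseSafe, TAINTED),
  };
}
console.log(JSON.stringify(demo(), null, 2));
```

Both parsers return the same array for the plain input; only the Function-based one evaluates the marker expression in the second input.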

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: gmail-js (npm)
Affected versions: < 0.6.5
Patched versions: 0.6.5
