VYPR

hackage package

hledger-web

pkg:hackage/hledger-web

Vulnerabilities (1)

  • CVE-2021-46888MedMay 21, 2023
    affected >= 0.24, < 1.23fixed 1.23

    An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.