Security Advisory

CVE-2023-41049

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-01 19:35:09
Last updated 2024-10-01 13:08:08
Assigner GitHub_M
State PUBLISHED

Description

@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function.