Versions of status-board
prior to 10.0.1 are vulnerable to Cross-Site Scripting. The _createPreviewButton()
function fails to sanitize the href
attribute of a created <a>
tag. This may allow attackers to execute arbitrary JavaScript in a victim’s browser.
Upgrade to version 10.0.1 or later.