CVE-2020-28470
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
7.3CVSS
6.2AI Score
0.001EPSS