EPSS
Percentile
22.7%
timelinejs3 is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via unprotected Google Sheets or a JSON configuration file.
github.com/NUKnightLab/TimelineJS3/security/advisories/GHSA-2jpm-827p-j44g
knightlab.northwestern.edu/posts/
zanderwork.com/blog/cve-2020-15092/