knockout is vulnerable to cross-site scripting (XSS) attacks. Element names are directly passed to the Document Object Manipulator through string concatenation, allowing a malicious user to inject and execute arbitrary Javascript. This vulnerability only affects Internet Explorer versions 7 and older.
CPE | Name | Operator | Version |
---|---|---|---|
knockout | le | 3.5.0-beta | |
knockout | le | 3.5.0-beta | |
knockout | le | 3.4.2 | |
knockout | le | 3.4.2 | |
knockout | le | 3.4.2 | |
knockout | le | 3.5.0-beta | |
knockout | le | 3.5.0-beta | |
knockout | le | 3.4.2 | |
knockout | le | 3.4.2 | |
knockout | le | 3.4.2 |