Description
A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).
Remediation
References
https://jsfiddle.net/smartystreets/Lx2dbsaa/
https://www.guidepointsecurity.com/liveaddressplugin-js-vulnerability-disclosure/
https://github.com/smartystreets-archives
Related Vulnerabilities
CVE-2021-23327 Vulnerability in npm package apexcharts
CVE-2019-18818 Vulnerability in npm package strapi
CVE-2018-16487 Vulnerability in maven package org.fujion.webjars:lodash
CVE-2022-36882 Vulnerability in maven package org.jenkins-ci.plugins:git
CVE-2021-21179 Vulnerability in maven package org.webjars.npm:electron