Description
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data.
Remediation
References
Related Vulnerabilities
WordPress Plugin User Activation Email Cross-Site Scripting (1.3.0)
WordPress Plugin Site Offline Or Coming Soon Or Maintenance Mode Security Bypass (1.5.2)
WordPress Plugin WP Fastest Cache Directory Traversal (0.9.1.6)
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)
Oracle Database Server CVE-2011-2253 Vulnerability (CVE-2011-2253)