MidnightBSD

Advisories for equalweb

CVE-2022-42960

EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.

Products Affected

Vendor Product Version
equalweb equalweb_accessibility_widget 2.0.3
equalweb equalweb_accessibility_widget 2.0.2
equalweb equalweb_accessibility_widget 4.0.1
equalweb equalweb_accessibility_widget 2.0.1
equalweb equalweb_accessibility_widget 2.0.0
equalweb equalweb_accessibility_widget 2.0.4
equalweb equalweb_accessibility_widget 2.1.10
equalweb equalweb_accessibility_widget 3.0.1
equalweb equalweb_accessibility_widget 3.0.2
equalweb equalweb_accessibility_widget 3.0.0
equalweb equalweb_accessibility_widget 4.0.0