Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mapbox_project | mapbox | 1.6.1 |
| mapbox_project | mapbox | 1.0.0 |
| mapbox_project | mapbox | 1.2.0 |
| mapbox_project | mapbox | 2.0.0 |
| mapbox_project | mapbox | 1.5.2 |
| mapbox_project | mapbox | 1.3.1 |
| mapbox_project | mapbox | 1.0.1 |
| mapbox_project | mapbox | 1.0.3 |
| mapbox_project | mapbox | 1.4.2 |
| mapbox_project | mapbox | 2.1.5 |
| mapbox_project | mapbox | 1.5.1 |
| mapbox_project | mapbox | 1.6.4 |
| mapbox_project | mapbox | 2.0.1 |
| mapbox_project | mapbox | 1.6.2 |
| mapbox_project | mapbox | 2.1.1 |
| mapbox_project | mapbox | 2.1.3 |
| mapbox_project | mapbox | 1.4.1 |
| mapbox_project | mapbox | 2.1.2 |
| mapbox_project | mapbox | 1.3.0 |
| mapbox_project | mapbox | 2.1.0 |
| mapbox_project | mapbox | 1.6.0 |
| mapbox_project | mapbox | 1.4.0 |
| mapbox_project | mapbox | 2.1.6 |
| mapbox_project | mapbox | 1.1.0 |
| mapbox_project | mapbox | 1.0.2 |
| mapbox_project | mapbox | 1.0.4 |
| mapbox_project | mapbox | 1.5.0 |
| mapbox_project | mapbox | 2.1.4 |