Vulnerabilities > Serialize TO JS Project > Serialize TO JS > 1.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-07 | CVE-2019-16772 | Cross-site Scripting vulnerability in Serialize-To-Js Project Serialize-To-Js The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). | 4.3 |
| 2017-10-24 | CVE-2017-15871 | Infinite Loop vulnerability in Serialize-To-Js Project Serialize-To-Js The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. | 7.5 |