Vulnerability Details CVE-2020-28470
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.8%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 4.3
References