New Vulnerability in all versions of osm-static-maps

It affects all versions of the osm-static-maps package. User input given to the package is passed directly to a template without escaping.

As such, depending on the context, it is possible for an attacker to inject arbitrary HTML/JavaScript. The injected markup is either written into the web page as HTML, which gives an opportunity for XSS, or rendered on the server (puppeteer), which also gives an opportunity for SSRF and local file read.
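
The pattern described above, shown as an added example that is not osm-static-maps' own code: a hypothetical two-sink template rendered once with raw interpolation and once with per-context encoding. `TEMPLATE`, `renderUnsafe`, `renderSafe`, the option names and the sample input are all constructed for illustration.

```javascript
// Added example: hypothetical renderer, NOT osm-static-maps' own code.
// Constructed template with two sinks: HTML body text and an inline script.
const TEMPLATE =
  '<div id="attribution">{{attribution}}</div>\n' +
  '<script>var geojson = {{geojson}};</script>';

// Escape the five characters that can change HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Serialize data for an inline <script>: JSON alone is not enough, because
// "</script>" inside a string still closes the element, so "<" is escaped too.
function toScriptJson(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function fill(template, values) {
  return template.replace(/\{\{(\w+)\}\}/g, (_, key) => values[key]);
}

// Vulnerable pattern described above: options go into the template verbatim.
function renderUnsafe(opts) {
  return fill(TEMPLATE, { attribution: opts.attribution, geojson: opts.geojson });
}

// Hardened: each value is encoded for the context it lands in.
function renderSafe(opts) {
  let parsed;
  try { parsed = JSON.parse(opts.geojson); }      // reject anything that is not JSON
  catch (e) { throw new TypeError('geojson must be valid JSON'); }
  return fill(TEMPLATE, {
    attribution: escapeHtml(opts.attribution),
    geojson: toScriptJson(parsed),
  });
}

// Constructed sample input carrying markup in both fields.
const sample = {
  attribution: '<img src=x onerror=alert(1)>',
  geojson: '{"type":"Point","name":"</script><script>alert(2)</script>"}',
};
```

Output encoding addresses the injection itself; when the page is rendered server-side in a headless browser, limiting what that browser may load is a separate control.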


Source:

github.com/jperelli/osm-static-maps/pull/24