Metronic HTML v8.* - Toastr 2.1.4 XSS

We have just purchased the latest version of Metronic in order to have the most up-to-date and secure versions of libraries and components.

We noticed that version v.8.2.9 (latest), which is the one that includes HTML, is still using Toastr version 2.1.4. This version has an active XSS vulnerability that is detected by all modern pentesting tools.

We need you to let us know how to replace or remove the library so we can use another one implemented by us, as the theme in its current state cannot be used in production due to this vulnerability.

Guest 1 year ago

Metronic HTML

1 Answers

Text formatting options

Private reply Submit

Click any option to insert into your comment. Select text first to wrap it.

**text** to make things bold
*text* to emphasize
### Heading to make headings
[link text](url) for links
![alt text](image-url) to paste in an image
- item to make a list
1. item to make an ordered list
> quote to quote somebody
`code` for single line of code
```js ... ``` for JS code block
```html ... ``` for HTML code block
```scss ... ``` for SCSS code block
```php ... ``` for PHP code block
--- for a horizontal rule
:)
:|
:(

Replies (1)

Sean Author 1 year ago

Hi,

Thank you for your feedback. We will check this further and include this update in the upcoming planned Metronic v8.2.x update in the coming weeks.

Regards,
Sea

Metronic

Go to Metronic Downloads License Guide & FAQ Purchase Metronic Refunds

Metronic HTML v8.* - Toastr 2.1.4 XSS

Replies (1)

Metronic

Products

Legal

Stay Connected