We have just purchased the latest version of Metronic in order to have the most up-to-date and secure versions of libraries and components.
We noticed that version v.8.2.9 (latest), which is the one that includes HTML, is still using Toastr version 2.1.4. This version has an active XSS vulnerability that is detected by all modern pentesting tools.
We need you to let us know how to replace or remove the library so we can use another one implemented by us, as the theme in its current state cannot be used in production due to this vulnerability.
https://security.snyk.io/package/npm/toastr/2.1.4
Hi,
Thank you for your feedback. We will check this further and include this update in the upcoming planned Metronic v8.2.x update in the coming weeks.
Regards,
Sea