Lucene search

CVE-2020-7741

🗓️ 06 Oct 2020 15:15:15Reported by snykType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 40 Views

CVE-2020-7741 affects hellojs before 1.18.6, allowing XSS via the oauth_redirect param

Reporter	Title	Published	Views	Family All 15
OSV	XSS in hello.js	13 Jan 202119:07	–	osv
OSV	CVE-2020-7741	6 Oct 202015:15	–	osv
OSV	CVE-2020-26938	29 Aug 202221:15	–	osv
OSV	oauth2-server through 3.1.1 vulnerable to Open Redirect	30 Aug 202200:00	–	osv
NVD	CVE-2020-7741	6 Oct 202015:15	–	nvd
NVD	CVE-2020-26938	29 Aug 202221:15	–	nvd
Prion	Design/Logic Flaw	6 Oct 202015:15	–	prion
Prion	Authorization	29 Aug 202221:15	–	prion
Veracode	Cross-site Scripting (XSS)	7 Oct 202003:31	–	veracode
Cvelist	CVE-2020-7741 Cross-site Scripting (XSS)	6 Oct 202014:30	–	cvelist

Nvd

Node

hello.js_project hello.jsRange<1.18.6node.js

[
  {
    "product": "hellojs",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "1.18.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
snyk	www.snyk.io/vuln/SNYK-JS-HELLOJS-1014546
github	www.github.com/MrSwitch/hello.js/blob/3b79ec93781b3d7b9c0b56f598e060301d1f3e73/dist/hello.all.js%23L1545
github	www.github.com/MrSwitch/hello.js/commit/d6f5137f30de6e0ef7048191ee6ae575fdc2f669

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Oct 2020 15:15Current

8High risk

Vulners AI Score8

CVSS27.5

CVSS39.9

EPSS0.00287

CWE-79