Lucene search

Content Injection via TileJSON Name in mapbox.js

🗓️ 09 Nov 2018 17:34:48Reported by GitHub Advisory DatabaseType

Content Injection via TileJSON in mapbox.js. Versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 vulnerable to cross-site-scripting attack in certain scenario

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Prion	Cross site scripting	17 Jul 201713:18	–	prion
Cvelist	CVE-2017-1000043	13 Jul 201720:00	–	cvelist
Node.js	Content Injection via TileJSON Name	11 Jan 201622:27	–	nodejs
OSV	Content Injection via TileJSON Name in mapbox.js	9 Nov 201817:48	–	osv
NVD	CVE-2017-1000043	17 Jul 201713:18	–	nvd
RubySec	mapbox-rails Content Injection via TileJSON Name	11 Jan 201621:00	–	rubygems
CVE	CVE-2017-1000043	17 Jul 201713:18	–	cve
Hacker One	Mapbox: XSS in L.mapbox.shareControl in mapbox.js	12 Nov 201509:51	–	hackerone

Vulners

Node

mapbox-railsRange2.0.0–2.2.4

mapbox-railsRange1.0.0–1.6.6

mapbox mapbox.jsRange2.0.0–2.2.4

mapbox mapbox.jsRange<1.6.6

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-1000043
hackerone	www.hackerone.com/reports/99245
github	www.github.com/advisories/GHSA-q69p-5h74-w36f
npmjs	www.npmjs.com/advisories/74
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/mapbox-rails/CVE-2017-1000043.yml
nodesecurity	www.nodesecurity.io/advisories/74

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Nov 2018 17:48Current

3.5Low risk

Vulners AI Score3.5

CVSS24.3

CVSS36.1

EPSS0.00164

CWE-79