GitHub Advisory Database: GHSA-VWHG-JWR4-VXGG

gettext.js has a Cross-site Scripting injection

Published: 2024-08-15 18:06:50
CWE-79
Source: GitHub Advisory Database (github.com)

CVSS3: 7.2
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score: 6.1
Confidence: High
EPSS: 0
Percentile: 9.5%

Impact

Possible XSS injection if the .po dictionary definition files are corrupted.

Patches

Update gettext.js to 2.0.3

Workarounds

Make sure you control the origin of the definition catalog, so that the plural-forms definition in it cannot be used to exploit this flaw.
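Where the catalog's origin cannot be fully trusted, a loader can additionally refuse any Plural-Forms header that is not a plain C-style plural rule before the catalog reaches gettext.js. The check below is an added example, not gettext.js code or part of the advisory; it assumes the loader already has the header value as a string, and the sample headers are constructed.

```javascript
// Added example, not gettext.js code: reject a .po "Plural-Forms" header
// unless it is a plain C-style plural rule, before the catalog is loaded.
// Assumption: the loader has the header value as a string (constructed below).

// Allowlisted tokens: the variable n, integer literals, parentheses, the
// ternary operator and arithmetic/comparison/logical operators. Longer
// operators come first so "<=" is not split into "<" and "=".
const TOKEN = /^(?:\s+|n(?![A-Za-z0-9_])|\d+|[()?:%+\-*\/]|<=|>=|==|!=|<|>|&&|\|\||!)/;

// Split the expression into tokens; return null on any character outside
// the allowlist (quotes, identifiers, brackets, semicolons, ...).
function tokenizePlural(expr) {
  const tokens = [];
  let rest = expr;
  while (rest.length > 0) {
    const m = TOKEN.exec(rest);
    if (m === null) return null;
    if (m[0].trim() !== '') tokens.push(m[0]);
    rest = rest.slice(m[0].length);
  }
  return tokens;
}

// Parse "nplurals=N; plural=EXPR;" and return { nplurals, plural }, or null
// when the header is malformed, uses non-allowlisted tokens, or has
// unbalanced parentheses. A null result should make the loader fall back to
// a built-in rule rather than evaluate the catalog's expression.
function parsePluralForms(header) {
  const m = /^\s*nplurals\s*=\s*(\d+)\s*;\s*plural\s*=\s*([^;]*?)\s*;?\s*$/.exec(header);
  if (m === null) return null;
  const nplurals = Number(m[1]);
  const tokens = tokenizePlural(m[2]);
  if (tokens === null || tokens.length === 0 || nplurals < 1) return null;
  let depth = 0;
  for (const t of tokens) {
    if (t === '(') depth += 1;
    if (t === ')') depth -= 1;
    if (depth < 0) return null; // ')' before its '('
  }
  return depth === 0 ? { nplurals, plural: m[2] } : null;
}

// Constructed headers: a legitimate rule, and a tampered one that smuggles a
// function call into the plural expression.
const GOOD_HEADER = 'nplurals=2; plural=(n != 1);';
const BAD_HEADER = 'nplurals=2; plural=(n != 1) || alert(1);';
```

The allowlist covers the rules shipped with real gettext catalogs (multi-branch ternaries with `%`, `&&`, `||` included) while rejecting identifiers, quotes and anything else a script fragment would need.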

Affected configurations

Vulners:
  Node: gettext.js, Range: <2.0.3

CPE:
  Vendor: *, Product: gettext.js, Version: *, CPE: cpe:2.3:a:*:gettext.js:*:*:*:*:*:*:*:*
