Lucene search
AnonymousNODEJS:1606HistoryFeb 19, 2021 - 7:06 p.m.
Cross-Site Scripting (XSS)
2021-02-1919:06:31
Anonymous
www.npmjs.com
26
0.002 Low
EPSS
Percentile
55.1%
Overview
In affected versions of hellojs (hello.js) there is a cross-site scripting bug. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. It is possible to simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).
Recommendation
Update to fixed version 1.18.6 or later
References
Related
cve
cve
CVE-2020-7741
2020-10-06 15:15:15
CVE-2020-26938
2022-08-29 21:15:08
osv
osv
XSS in hello.js
2021-01-13 19:07:01
CVE-2020-7741
2020-10-06 15:15:15
oauth2-server through 3.1.1 vulnerable to Open Redirect
2022-08-30 00:00:26
nvd
nvd
CVE-2020-7741
2020-10-06 15:15:15
CVE-2020-26938
2022-08-29 21:15:08
veracode
veracode
Cross-site Scripting (XSS)
2020-10-07 03:31:34
prion
prion
Design/Logic Flaw
2020-10-06 15:15:00
Authorization
2022-08-29 21:15:00
cvelist
cvelist
CVE-2020-7741 Cross-site Scripting (XSS)
2020-10-06 00:00:00
CVE-2020-26938
2022-08-29 20:51:04
github
github
XSS in hello.js
2021-01-13 19:07:01
oauth2-server through 3.1.1 vulnerable to Open Redirect
2022-08-30 00:00:26