Lucene search
GoogleOSV:CVE-2020-7741HistoryOct 06, 2020 - 3:15 p.m.
CVE-2020-7741
2020-10-0615:15:15
Google
osv.dev
3
This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).
Related
nvd
nvd
CVE-2020-7741
2020-10-06 15:15:15
CVE-2020-26938
2022-08-29 21:15:08
cve
cve
CVE-2020-7741
2020-10-06 15:15:15
CVE-2020-26938
2022-08-29 21:15:08
osv
osv
XSS in hello.js
2021-01-13 19:07:01
oauth2-server through 3.1.1 vulnerable to Open Redirect
2022-08-30 00:00:26
CVE-2020-26938
2022-08-29 21:15:08
veracode
veracode
Cross-site Scripting (XSS)
2020-10-07 03:31:34
nodejs
nodejs
Cross-Site Scripting (XSS)
2021-02-19 19:06:31
prion
prion
Design/Logic Flaw
2020-10-06 15:15:00
Authorization
2022-08-29 21:15:00
cvelist
cvelist
CVE-2020-7741 Cross-site Scripting (XSS)
2020-10-06 00:00:00
CVE-2020-26938
2022-08-29 20:51:04
github
github
XSS in hello.js
2021-01-13 19:07:01
oauth2-server through 3.1.1 vulnerable to Open Redirect
2022-08-30 00:00:26