Lucene search
GoogleOSV:GHSA-7JH9-6CPF-H4M7HistoryJan 13, 2021 - 7:07 p.m.
XSS in hello.js
2021-01-1319:07:01
Google
osv.dev
8
0.002 Low
EPSS
Percentile
55.1%
This affects the package hello.js before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).
Related
nvd
nvd
CVE-2020-7741
2020-10-06 15:15:15
CVE-2020-26938
2022-08-29 21:15:08
cve
cve
CVE-2020-7741
2020-10-06 15:15:15
CVE-2020-26938
2022-08-29 21:15:08
veracode
veracode
Cross-site Scripting (XSS)
2020-10-07 03:31:34
nodejs
nodejs
Cross-Site Scripting (XSS)
2021-02-19 19:06:31
prion
prion
Design/Logic Flaw
2020-10-06 15:15:00
Authorization
2022-08-29 21:15:00
osv
osv
CVE-2020-7741
2020-10-06 15:15:15
oauth2-server through 3.1.1 vulnerable to Open Redirect
2022-08-30 00:00:26
CVE-2020-26938
2022-08-29 21:15:08
cvelist
cvelist
CVE-2020-7741 Cross-site Scripting (XSS)
2020-10-06 00:00:00
CVE-2020-26938
2022-08-29 20:51:04
github
github
XSS in hello.js
2021-01-13 19:07:01
oauth2-server through 3.1.1 vulnerable to Open Redirect
2022-08-30 00:00:26