Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-GH4G-3GM9-5WRQ
HistoryMay 29, 2019 - 6:38 p.m.

Cross-Site Scripting in shave

2019-05-2918:38:08
Google
osv.dev
6

0.001 Low

EPSS

Percentile

31.8%

JSON

Versions of shave prior to 2.5.3 are vulnerable to Cross-Site Scripting. The shave package overwrites HTML elements and in doing so fails to properly encode the output. If encoded HTML input is passed into shave the output will be decoded which may lead to Cross-Site Scripting.

Recommendation

Upgrade to version 2.5.3 or later.

CPENameOperatorVersion
shavelt2.5.3

Related

githubexploit 1
cvelist 1
nvd 1
veracode 1
osv 1
cve 1
prion 1
github 1
githubexploit
githubexploit
Exploit for Cross-site Scripting in Dollarshaveclub Shave
2020-12-01 09:18:57
cvelist
cvelist
CVE-2019-12313
2019-05-24 13:30:50
nvd
nvd
CVE-2019-12313
2019-05-24 14:29:00
veracode
veracode
Cross-site Scripting (XSS)
2019-05-27 02:28:28
osv
osv
CVE-2019-12313
2019-05-24 14:29:00
cve
cve
CVE-2019-12313
2019-05-24 14:29:00
prion
prion
Cross site scripting
2019-05-24 14:29:00
github
github
Cross-Site Scripting in shave
2019-05-29 18:38:08

0.001 Low

EPSS

Percentile

31.8%

JSON
Related for OSV:GHSA-GH4G-3GM9-5WRQ
githubexploit1cvelist1nvd1veracode1osv1cve1prion1github1