Lucene search
GoogleOSV:GHSA-HM7F-RQ7Q-J9XPHistoryJan 20, 2023 - 3:30 a.m.
@builder.io/qwik vulnerable to Cross-site Scripting
2023-01-2003:30:28
Google
osv.dev
7
cross-site scripting
attribute handling
software vulnerability
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
26.7%
@builder.io/qwik prior to version 0.16.2 is vulnerable to cross-site scripting due to attribute names and the class attribute values not being properly handled.
Related
cvelist
cvelist
CVE-2023-0410 Cross-site Scripting (XSS) - Generic in builderio/qwik
2023-01-20 00:00:00
github
github
@builder.io/qwik vulnerable to Cross-site Scripting
2023-01-20 03:30:28
prion
prion
Cross site scripting
2023-01-20 01:15:00
osv
osv
CVE-2023-0410
2023-01-20 01:15:10
huntr
huntr
Attributes are not properly handled leading to XSS
2022-12-19 13:17:01
nvd
nvd
CVE-2023-0410
2023-01-20 01:15:10
veracode
veracode
Cross-Site Scripting (XSS)
2023-01-25 10:55:24
cve
cve
CVE-2023-0410
2023-01-20 01:15:10
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
26.7%
Related for OSV:GHSA-HM7F-RQ7Q-J9XP