Lucene search
GoogleOSV:GHSA-VWHG-JWR4-VXGGHistoryAug 15, 2024 - 6:06 p.m.
gettext.js has a Cross-site Scripting injection
2024-08-1518:06:50
Google
osv.dev
2
gettext.js
cross-site scripting
vulnerability
.po files
update
version 2.0.3
patch
definition catalog
origin
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
AI Score
6.2
Confidence
High
EPSS
0
Percentile
9.5%
Impact
Possible vulnerability to XSS injection if .po dictionary definition files is corrupted
Patches
Update gettext.js to 2.0.3
Workarounds
Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.
Related
osv
osv
CVE-2024-43370
2024-08-16 02:15:17
debiancve
debiancve
CVE-2024-43370
2024-08-16 02:15:17
nvd
nvd
CVE-2024-43370
2024-08-16 02:15:17
cve
cve
CVE-2024-43370
2024-08-16 02:15:17
cvelist
cvelist
CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)
2024-08-15 23:44:47
vulnrichment
vulnrichment
CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)
2024-08-15 23:44:47
ubuntucve
ubuntucve
CVE-2024-43370
2024-08-16 00:00:00
veracode
veracode
Cross-Site Scripting
2024-08-16 10:25:00
github
github
gettext.js has a Cross-site Scripting injection
2024-08-15 18:06:50
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
AI Score
6.2
Confidence
High
EPSS
0
Percentile
9.5%
Related for OSV:GHSA-VWHG-JWR4-VXGG