Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-41049
HistorySep 01, 2023 - 8:15 p.m.

Input validation

2023-09-0120:15:00
PRIOn knowledge base
www.prio-n.com
3
npm library
single sign on
authentication
vulnerability
patch
upgrade

0.0005 Low

EPSS

Percentile

17.0%

JSON

@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix. This vulnerability has been patched on version 0.1.0. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the init function.

CPENameOperatorVersion
single_sign_on_clientlt0.1.0

Related

veracode 1
github 1
cve 1
osv 2
nvd 1
cvelist 1
veracode
veracode
Cross Site Scripting (XSS)
2023-09-05 07:31:50
github
github
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
2023-09-04 16:36:27
cve
cve
CVE-2023-41049
2023-09-01 20:15:07
osv
osv
CVE-2023-41049
2023-09-01 20:15:07
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
2023-09-04 16:36:27
nvd
nvd
CVE-2023-41049
2023-09-01 20:15:07
cvelist
cvelist
CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
2023-09-01 19:35:09

0.0005 Low

EPSS

Percentile

17.0%

JSON
Related for PRION:CVE-2023-41049
veracode1github1cve1osv2nvd1cvelist1