10 matches found
EUVD-2024-0403
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
urql/next is vulnerable to Cross-site scripting XSS. The vulnerability is due to improper sanitization of HTML-like characters in the response stream. An attacker can inject malicious scripts by ensuring that the response returns html tags and that the web-application is using streamed responses...
GHSA-QHJF-HM5J-335W @urql/next Cross-site Scripting vulnerability
impact The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is due to improper escaping of html-like characters in the response-stream...
@enalmada/next-gql (>=0.0.4 <=0.1.3) potentially affected by CVE-2024-24556 via @urql/next (>=1.0.0 <=1.1.0)
@urql/next NPM version =1.0.0, =0.0.4, =0.1.3 Source cves: CVE-2024-24556 Source advisory: OSV:GHSA-QHJF-HM5J-335W...
@urql/next Cross-site Scripting vulnerability
impact The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is due to improper escaping of html-like characters in the response-stream...
CVE-2024-24556
urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...
CVE-2024-24556 XSS in @urql/next
urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...
CVE-2024-24556
CVE-2024-24556 affects the urql family; specifically the @urql/next package is vulnerable to Cross-Site Scripting (XSS). The root cause is improper escaping of HTML-like characters in the response stream, which attackers could exploit when the application uses streamed responses (non-RSC) and the...
CVE-2024-24556 XSS in @urql/next
urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...
CVE-2024-24556 XSS in @urql/next
urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...