Lucene search
K

7 matches found

vulnersOsv
vulnersOsv
added 2021/11/08 5:50 p.m.5 views

@lukeed/bongo (>=0.0.1 <=0.0.12), @novivia/build-module (>=0.3.0 <=0.5.3) +3 more potentially affected by CVE-2021-23784 via tempura (>=0.0.8 <=0.3.2)

tempura NPM version =0.0.8, =0.0.1, =0.3.0, =0.6.0, =0.0.1, =3.4.0, =4.12.3 Source cves: CVE-2021-23784 Source advisory: OSV:GHSA-W4V7-HWX7-9929...

6.1CVSS6.3AI score0.01219EPSS
Exploits1
Circl
Circl
added 2021/11/03 9:23 p.m.6 views

CVE-2021-23784

creationtimestamp| type| source ---|---|--- 2021-11-03 21:23:31+00:00| seen| https://t.me/cibsecurity/31768...

6.1CVSS6AI score0.01219EPSS
Exploits1References1
OSV
OSV
added 2021/11/03 6:15 p.m.19 views

CVE-2021-23784

This affects the package tempura before 0.4.0. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...

6.1CVSS6.2AI score
Exploits0References3
NVD
NVD
added 2021/11/03 6:15 p.m.11 views

CVE-2021-23784

This affects the package tempura before 0.4.0. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...

6.1CVSS0.01219EPSS
Exploits1References3
CVE
CVE
added 2021/11/03 5:20 p.m.41 views

CVE-2021-23784

CVE-2021-23784 affects the tempura templating package prior to 0.4.0. The esc function does not escape/sanitize inputs when the value is of type object (e.g., an array), allowing unescaped content to be returned and potentially exploited as Cross-Site Scripting (XSS). The vulnerability impact is ...

6.1CVSS5.7AI score0.01219EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/11/03 5:20 p.m.16 views

CVE-2021-23784 Cross-site Scripting (XSS)

This affects the package tempura before 0.4.0. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...

5.4CVSS6.2AI score0.01219EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2021/08/25 3:30 p.m.5 views

@lukeed/bongo (>=0.0.1 <=0.0.12), @novivia/build-module (>=0.3.0 <=0.5.3) +3 more potentially affected by CVE-2021-23784 via tempura (>=0.0.8 <=0.3.2)

tempura NPM version =0.0.8, =0.0.1, =0.3.0, =0.6.0, =0.0.1, =3.4.0, =4.12.3 Source cves: CVE-2021-23784 Source advisory: SNYK:JS-TEMPURA-1569633...

6.1CVSS6.3AI score0.01219EPSS
Exploits1
Rows per page
Query Builder