8 matches found

Github Security Blog
added 2024/09/19 5:30 p.m., 14 views

DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS

Hi, Rspack|Webpack developer team! Summary: We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an...

5.7 AI score
Exploits 0, References 3, Affected Software 1
SUSE CVE
added 2024/08/29 3:1 a.m., 4 views

SUSE CVE-2024-43788

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack's...

6.5 CVSS, 6.4 AI score, 0.00897 EPSS
Exploits 1, References 4
OSV
added 2024/08/27 7:50 p.m., 136 views

GHSA-4VVJ-4CPR-P986 Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

Summary: We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name attribute are...

6.4 CVSS, 6.5 AI score, 0.00897 EPSS
Exploits 1, References 7
Github Security Blog
added 2024/08/27 7:50 p.m., 237 views

Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

Summary: We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name attribute are...

6.4 CVSS, 6.2 AI score, 0.00897 EPSS
Exploits 1, References 7, Affected Software 1
Vulnrichment
added 2024/08/27 5:7 p.m., 32 views

CVE-2024-43788 DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

6.4 CVSS, 5.2 AI score, 0.00897 EPSS
Exploits 1, References 5
CVE
added 2024/08/27 5:7 p.m., 350 views

CVE-2024-43788

CVE-2024-43788: Webpack’s AutoPublicPathRuntimeModule DOM clobbering enables XSS via scriptless HTML (e.g., unsanitized name/id attributes). Real-world exploitation observed in Canvas LMS. Fix is in Webpack release 5.94.0; upgrade recommended (no public workarounds documented).

6.4 CVSS, 6 AI score, 0.00897 EPSS
Exploits 1, References 5, Affected Software 1
OSV
added 2024/08/27 5:7 p.m., 35 views

CVE-2024-43788 DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

6.4 CVSS, 6.3 AI score, 0.00897 EPSS
Exploits 1, References 7
Cvelist
added 2024/08/27 5:7 p.m., 31 views

CVE-2024-43788 DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

6.4 CVSS, 0.00897 EPSS
Exploits 1, References 5