Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.8 views

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5CVSS6.9AI score0.00467EPSS
Exploits0References1
Circl
Circl
added 2023/10/19 7:31 p.m.3 views

CVE-2023-5654

creationtimestamp| type| source ---|---|--- 2023-10-19 19:31:53+00:00| seen| https://t.me/cibsecurity/72575...

6.5CVSS6.3AI score0.00467EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/10/19 3:31 p.m.8 views

4help-app-shared (>=1.0.21 <=1.0.26), 4help-shared (>=1.0.2 <=1.0.20) +3205 more potentially affected by CVE-2023-5654 via react-devtools-core (>=1.0.6 <=4.28.0)

react-devtools-core NPM version =1.0.6, =1.0.21, =1.0.2, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.22, =0.0.12, =1.2.0, =1.0.4, =0.0.1, =0.0.6 and more Source cves: CVE-2023-5654 Source advisory: OSV:GHSA-RXRC-RGV4-JPVX...

6.5CVSS6.5AI score0.00467EPSS
Exploits0
NVD
NVD
added 2023/10/19 3:15 p.m.11 views

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5CVSS6.5AI score0.00467EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/19 2:28 p.m.21 views

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5CVSS6.7AI score0.00467EPSS
Exploits0References1
CVE
CVE
added 2023/10/19 2:28 p.m.89 views

CVE-2023-5654

The CVE-2023-5654 issue affects the React Developer Tools extension and is caused by a content-script listener registered with window.addEventListener('message', …) that fetches a URL derived from a received message without validating/sanitising it. This allows a malicious page to trigger the vic...

6.5CVSS6.5AI score0.00467EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder