10 matches found
EUVD-2025-27629
Malicious code in bioql PyPI...
CVE-2025-9910
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...
GHSA-33VC-WFWW-VJFV jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin
Vulnerability in jsondiffpatch Versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting XSS in the HtmlFormatter HtmlFormatter::nodeBegin. When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin
Vulnerability in jsondiffpatch Versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting XSS in the HtmlFormatter HtmlFormatter::nodeBegin. When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...
CVE-2025-9910
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...
CVE-2025-9910
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...
CVE-2025-9910
CVE-2025-9910 (jsondiffpatch) affects versions prior to 0.7.2 of jsondiffpatch, where HtmlFormatter::nodeBegin can be exploited to inject HTML/JS (XSS) that may enable code execution if untrusted payloads are diffed and rendered with the built-in HTML formatter on a private website. The entry not...
CVE-2025-9910
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...
Cross-site Scripting (XSS)
Overview org.webjars.npm:jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may...
Cross-site Scripting (XSS)
cucumber is vulnerable to cross-site scripting XSS attacks. The HTML formatter appends any scenario output without sanitization, allowing a malicious user to inject and execute arbitrary HTML code...