2 matches found
@arturl/pulumi-mcp-server (=0.1.9), @collegue/mcp (>=1.0.1 <=1.0.2) +31 more potentially affected by CVE-2025-58444 via @modelcontextprotocol/inspector-client (>=0.10.2 <=0.15.0)
@modelcontextprotocol/inspector-client NPM version =0.10.2, =1.0.1, =2.0.10, =0.0.0-semantically-released, =0.0.0-alpha.0, =2.1.0, =2.1.0, =0.10.0, =0.15.0 and more Source cves: CVE-2025-58444 Source advisory: SNYK:JS-MODELCONTEXTPROTOCOLINSPECTORCLIENT-12704855...
Cross-site Scripting (XSS)
Overview @modelcontextprotocol/inspector-client is a Client-side application for the Model Context Protocol inspector Affected versions of this package are vulnerable to Cross-site Scripting XSS via the redirect URI parameter when connecting to an untrusted remote server. An attacker can execute...