11 matches found
EUVD-2025-30451
Malicious code in bioql PyPI...
CVE-2025-59430
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
Cross-site Scripting (XSS)
Overview @meshconnect/web-link-sdk is an A client-side JS library for integrating with Mesh Connect Affected versions of this package are vulnerable to Cross-site Scripting XSS via the createLink.openLink function. An attacker can execute arbitrary JavaScript code in the context of the parent pag...
GHSA-VH3F-QPPR-J97F Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Summary The lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. Details...
Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Summary The lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. Details...
CVE-2025-59430
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
CVE-2025-59430 Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
CVE-2025-59430
Mesh Connect JS SDK contains a cross-site scripting (XSS) vulnerability in the web-link component. Prior to version 3.3.2, createLink.openLink does not sanitize the URL protocol, allowing an attacker-controlled base64-encoded payload to set an iframe src that executes arbitrary JavaScript in the ...
CVE-2025-59430 Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
Mesh Connect JS SDK 跨站脚本漏洞
Mesh Connect JS SDK is a Java library from Mesh open source. A cross-site scripting vulnerability exists in Mesh Connect JS SDK versions prior to 3.3.2, which stems from the createLink.openLink function not being cleaned up for the URL protocol, which could lead to the execution of arbitrary...
PT-2025-39033
Name of the Vulnerable Software and Affected Versions Mesh Connect JS SDK versions prior to 3.3.2 Description Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. A lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrar...