
85 matches found

Github Security Blog
added 2025/02/10 6:30 p.m. | 11 views

Cross-site Scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 5.2 | EPSS 0.01129
Exploits: 0 | References: 27 | Affected Software: 1
OSV
added 2025/02/10 4:15 p.m. | 9 views

CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 5.3 | EPSS 0.01129
Exploits: 0 | References: 23
ATTACKERKB
added 2025/02/10 4:15 p.m. | 2 views

CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 5.8 | EPSS 0.01129
Exploits: 0 | References: 25 | Affected Software: 55
OSV
added 2025/02/10 4:15 p.m. | 1 views

DEBIAN-CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 7.3 | EPSS 0.01129
Exploits: 0 | References: 1
NVD
added 2025/02/10 4:15 p.m. | 6 views

CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | EPSS 0.01129
Exploits: 0 | References: 24
OSV
added 2025/02/10 4:15 p.m. | 0 views

UBUNTU-CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 7.1 | EPSS 0.01129
Exploits: 0 | References: 6
Cvelist
added 2025/02/10 3:27 p.m. | 11 views

CVE-2024-11831 Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | EPSS 0.01129
Exploits: 0 | References: 24
Vulnrichment
added 2025/02/10 3:27 p.m. | 15 views

CVE-2024-11831 Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 5.3 | EPSS 0.01129
Exploits: 0 | References: 24
CVE
added 2025/02/10 3:27 p.m. | 320 views

CVE-2024-11831

CVE-2024-11831 is a deserialization/XSS issue in the npm-serialize-javascript package. The impact is described as attackers potentially executing malicious code when serialized data is deserialized by a web browser. Connected docs confirm multiple vendors referencing this CVE: IBM Storage Ceph St...

CVSS 5.4 | AI score 5.3 | EPSS 0.01129
Exploits: 0 | References: 24
Debian CVE
added 2025/02/10 3:27 p.m. | 10 views

CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 7.3 | EPSS 0.01129
Exploits: 0
CNNVD
added 2025/02/10 12:00 a.m. | 1 views

Serialize JavaScript cross-site scripting vulnerability

Serialize JavaScript is an open source Yahoo library that serializes JavaScript into a superset of JSON that includes regular expressions and functions. A cross-site scripting vulnerability exists in Serialize JavaScript that stems from improper sanitization of certain inputs. An attacker can exploit the...

CVSS 5.4 | AI score 7.1 | EPSS 0.01129
Exploits: 0 | References: 5
RedHat Linux
added 2025/01/14 1:20 a.m. | 1 views

npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 5.8 | EPSS 0.01129
Exploits: 0 | References: 6
Positive Technologies
added 2024/09/16 12:00 a.m. | 3 views

PT-2025-6048

Name of the Vulnerable Software and Affected Versions: npm-serialize-javascript versions up to 6.0.1. Description: The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to injec...

CVSS 5.4 | AI score 7.2 | EPSS 0.01129
Exploits: 0 | References: 47
Huntr
added 2023/02/27 9:31 a.m. | 75 views

Vulnerable javascript dependency used in adminsidepanel.js

Description: The adminsidepanel.js used Vue.js v2.6.10, which contains the vulnerable vue-server-renderer's dependency of serialize-javascript. Proof of Concept: 1. Go to https://demo.limesurvey.org/tmp/assets/cb9c5d96/build.min/js/adminsidepanel.js and search for Vue.js v2.6.10 term. We can note th...

AI score 6.7
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:07 a.m. | 2 views

SUSE CVE-2019-16769

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. Node.js environments are not affected by this vulnerability since Node.js's implementation of...

CVSS 5.4 | AI score 7.9 | EPSS 0.00406
Exploits: 0 | References: 3
IBM Security Bulletins
added 2020/12/14 6:38 p.m. | 18 views

Security Bulletin: A security vulnerability in Node.js serialize-javascript affects IBM Cloud Pak for Multicloud Management Managed Service.

Summary: A security vulnerability in Node.js serialize-javascript affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details: Third Party Entry: 186585. DESCRIPTION: Node.js serialize-javascript module code execution. CVSS Base score: 9.8. CVSS Temporal Score: See:...

AI score 1
Exploits: 0 | Affected Software: 1
OSV
added 2020/08/11 5:21 p.m. | 45 views

GHSA-HXCC-F52P-WC94 Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...

CVSS 8.1 | AI score 8 | EPSS 0.02901
Exploits: 0 | References: 3
Github Security Blog
added 2020/08/11 5:21 p.m. | 345 views

Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...

CVSS 8.1 | AI score 4.3 | EPSS 0.02901
Exploits: 0 | References: 3 | Affected Software: 1
vulnersOsv
added 2020/08/11 5:21 p.m. | 5 views

0x0.icu.anima (=0.1.0), 1.1.0 (=1.0.0) +15458 more potentially affected by CVE-2020-7660 via serialize-javascript (>=1.0.0 <=3.0.0)

serialize-javascript NPM version =1.0.0, =6.2.0, =0.1.0, =0.0.1, =2.0.0, =0.1.0, =1.0.1, =0.1.0, =0.24.0, =0.29.0 and more Source cves: CVE-2020-7660 Source advisory: OSV:GHSA-HXCC-F52P-WC94...

CVSS 8.1 | AI score 7.2 | EPSS 0.02901
Exploits: 0
RedHat Linux
added 2020/07/01 6:46 p.m. | 23 views

npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js

A flaw was found in serialize-javascript before version 3.1.0. This flaw allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js."...

CVSS 8.1 | AI score 6 | EPSS 0.02901
Exploits: 0 | References: 4