Lucene search
K

10 matches found

SUSE CVE
SUSE CVE
added 2025/12/12 12:25 a.m.6 views

SUSE CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

9.6CVSS6.8AI score0.00448EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.3 views

CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

6.1CVSS6.8AI score0.00448EPSS
Exploits1References1
OSV
OSV
added 2025/11/19 8:31 p.m.9 views

GHSA-HCPF-QV9M-VFGP esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

Summary The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a...

6.1CVSS7.5AI score0.00448EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/19 8:31 p.m.6 views

EUVD-2025-198180

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript...

6.1CVSS6.7AI score0.00448EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/19 8:31 p.m.10 views

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

Summary The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a...

9.6CVSS7.5AI score0.00448EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/11/19 6:15 p.m.13 views

CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

9.6CVSS0.00448EPSS
Exploits1References2
CVE
CVE
added 2025/11/19 5:33 p.m.26 views

CVE-2025-65026

CVE-2025-65026 affects esm.sh prior to version 136. The vulnerability arises when the CSS-to-JavaScript module conversion inserts CSS into a JavaScript template literal without sanitization, allowing template literals to execute ${...} expressions. This can enable XSS in browsers and potential RC...

9.6CVSS6.4AI score0.00448EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/11/19 5:33 p.m.13 views

CVE-2025-65026 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

6.1CVSS0.00448EPSS
Exploits1References2
OSV
OSV
added 2025/11/19 5:33 p.m.7 views

CVE-2025-65026 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

6.1CVSS6.7AI score0.00448EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.6 views

PT-2025-47504

Name of the Vulnerable Software and Affected Versions esm.sh versions prior to 136 Description The esm.sh CDN service has an issue where CSS-to-JavaScript module conversion lacks proper sanitization. When a CSS file is requested with the ?module parameter, it is converted to a JavaScript module,...

6.1CVSS6.4AI score0.00448EPSS
Exploits1References11
Rows per page
Query Builder