14 matches found
EUVD-2024-0422
Malicious code in bioql PyPI...
CVE-2024-23841
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...
Malicious code in apollo-client-error-template (npm)
Source: ossf-package-analysis fe552e4b70220e1bb21d16486e988a993baf13fe78babd1d269cea3a7a765954 The OpenSSF Package Analysis project identified 'apollo-client-error-template' @ 2.0.0 npm as malicious. It is considered malicious because: - T...
MAL-2024-9008 Malicious code in apollo-client-error-template (npm)
Source: ossf-package-analysis fe552e4b70220e1bb21d16486e988a993baf13fe78babd1d269cea3a7a765954 The OpenSSF Package Analysis project identified 'apollo-client-error-template' @ 2.0.0 npm as malicious. It is considered malicious because: - T...
GHSA-RV8P-RR2H-FGPG @apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...
Cross site scripting
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...
CVE-2024-23841 XSS in @apollo/experimental-nextjs-app-support
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...
CVE-2024-23841
CVE-2024-23841 affects the Next.js Apollo client integration, specifically the package @apollo/experimental-apollo-client-nextjs. The vulnerability is a cross-site scripting issue arising from improper handling of untrusted input during server-side rendering of HTML pages. Exploitation would requ...
CVE-2024-23841 XSS in @apollo/experimental-nextjs-app-support
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...
CVE-2024-23841 XSS in @apollo/experimental-nextjs-app-support
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...
Apollo Cross-Site Scripting Vulnerability
Apollo is a set of PHP scripts by Alex Breen, an individual developer. It is intended to provide a web-based interface for students to upload coursework. A cross-site scripting vulnerability exists in Apollo apollo-client-nextjs versions prior to 0.7.0, which stems from mishandling of untrusted...
PT-2024-20116 · Unknown · Apollo-Client-Nextjs +1
Name of the Vulnerable Software and Affected Versions: apollo-client-nextjs versions prior to 0.7.0 Description: The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This issue arises from improper handling of untrusted input when the...
4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3260 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)
mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...