9 matches found
Cross-site Scripting (XSS)
@braintree/sanitize-url is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the decodeHtmlCharacters function in index.ts does not properly sanitize html encoded colons in the urlSchemeRegex parameter, which allows an attacker to inject and execute malicious JavaScript by...
@0xgg/echomd (>=1.0.0 <=1.0.4), @adobe/parliament-ui-components (>=4.6.0 <=5.1.0) +743 more potentially affected by CVE-2022-48345 via @braintree/sanitize-url (>=1.0.0 <=6.0.0)
@braintree/sanitize-url NPM version =1.0.0, =1.0.0, =4.6.0, =2.6.1, =0.1.0, =0.0.18, =0.0.0-development, =6.8.0, =0.1.2, =2.2.2, =0.5.0, =3.23.0, =0.0.0-nightly-2020972106, =0.1.1-alpha.19, =0.1.1-alpha.21 and more Source cves: CVE-2022-48345 Source advisory: OSV:GHSA-Q8GG-VJ6M-HGMJ...
Braintree sanitize-url 跨站脚本漏洞
Braintree sanitize-url is an open source URL cleanup from Braintree USA. A security vulnerability exists in Braintree sanitize-url prior to version 6.0.2, which stems from allowing XSS attacks via HTML entities...
@0xgg/echomd (>=1.0.0 <=1.0.4), @adobe/parliament-ui-components (>=4.6.0 <=5.1.0) +718 more potentially affected by CVE-2021-23648 via @braintree/sanitize-url (>=1.0.0 <=5.0.2)
@braintree/sanitize-url NPM version =1.0.0, =1.0.0, =4.6.0, =2.6.1, =0.1.0, =0.0.18, =6.8.0, =0.1.2, =2.2.2, =0.5.0, =3.23.0, =0.0.0-nightly-2020972106, =0.1.1-alpha.19, =0.1.0, =0.1.0-integrate-flowzone-f2df00320763c10337790c7657713f782ca7a948 and more Source cves: CVE-2021-23648 Source advisory...
GHSA-HQQ7-2Q2V-82XQ Cross-site Scripting in sanitize-url
The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting XSS due to improper sanitization in the sanitizeUrl function...
CVE-2021-23648
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting XSS due to improper sanitization in sanitizeUrl function...
Cross site scripting
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting XSS due to improper sanitization in sanitizeUrl function...
Braintree sanitize-url 跨站脚本漏洞
Braintree sanitize-url is an open source URL cleanup from Braintree, Inc. A cross-site scripting vulnerability exists in versions prior to Braintree sanitize-url 6.0.0, which stems from a lack of user-supplied data and output data validation filtering in the sanitizeUrl function. An attacker coul...
Cross-site Scripting (XSS)
Overview @braintree/sanitize-url is an A url sanitizer Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization in sanitizeUrl function. PoC: js const sanitizeUrl = require"@braintree/sanitize-url".sanitizeUrl forconst vector of...