4 matches found
CVE-2022-1243
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1243 CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1243
CVE-2022-1243 concerns the medialize/uri.js library. The issue, caused by CRHTLF, can lead to invalid protocol extraction and potential cross‑site scripting (XSS) when processing user‑supplied URLs in uri.js prior to version 1.19.11. The vulnerability affects medialize/uri.js used by projects suc...
CRHTLF can lead to invalid protocol extraction potentially leading to XSS
Description: \r, \n, \t characters in the URI can lead to XSS as URI.js will fail to extract the javascript: protocol from a URI. See Section 4.4 Step 3 "Remove all ASCII tab or newline from input." of the WHATWG URL spec. Proof of Concept: const parse = require('urijs'); const express = require('express');...