Lucene search
+L

9 matches found

susecve
susecve
added 2025/12/12 12:25 a.m.7 views

SUSE CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

9.6CVSS6.8AI score0.00448EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/11/26 4:56 p.m.3 views

CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

6.1CVSS6.8AI score0.00448EPSS
Exploits1References1
osv
osv
added 2025/11/25 6:12 p.m.4 views

GO-2025-4139 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh...

9.6CVSS7.2AI score0.00448EPSS
Exploits1References3
github
github
added 2025/11/19 8:31 p.m.11 views

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

Summary The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a...

9.6CVSS7.5AI score0.00448EPSS
Exploits1References4Affected Software1
snyk
snyk
added 2025/11/19 8:31 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the CSS-to-JavaScript module conversion feature. An attacker can execute arbitrary JavaScript code by injecting $... expressions into CSS files, which are then evaluated when the resulting JavaScript module i...

9.6CVSS7.6AI score0.00448EPSS
Exploits1References2
nvd
nvd
added 2025/11/19 6:15 p.m.14 views

CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

9.6CVSS0.00448EPSS
Exploits1References2
cve
cve
added 2025/11/19 5:33 p.m.27 views

CVE-2025-65026

CVE-2025-65026 affects esm.sh prior to version 136. The vulnerability arises when the CSS-to-JavaScript module conversion inserts CSS into a JavaScript template literal without sanitization, allowing template literals to execute ${...} expressions. This can enable XSS in browsers and potential RC...

9.6CVSS6.4AI score0.00448EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/11/19 5:33 p.m.16 views

CVE-2025-65026 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

6.1CVSS0.00448EPSS
Exploits1References2
osv
osv
added 2025/11/19 5:33 p.m.8 views

CVE-2025-65026 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

6.1CVSS6.7AI score0.00448EPSS
Exploits1References4
Rows per page
Query Builder