9 matches found
SUSE CVE-2025-65026
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...
CVE-2025-65026
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...
GO-2025-4139 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh...
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
Summary The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the CSS-to-JavaScript module conversion feature. An attacker can execute arbitrary JavaScript code by injecting $... expressions into CSS files, which are then evaluated when the resulting JavaScript module i...
CVE-2025-65026
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...
CVE-2025-65026
CVE-2025-65026 affects esm.sh prior to version 136. The vulnerability arises when the CSS-to-JavaScript module conversion inserts CSS into a JavaScript template literal without sanitization, allowing template literals to execute ${...} expressions. This can enable XSS in browsers and potential RC...
CVE-2025-65026 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...
CVE-2025-65026 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...