4 matches found
Authorization
In oauth2-server aka node-oauth2-server through 3.1.1, the value of the redirecturi parameter received during the authorization and token request is checked against an incorrect URI pattern "a-zA-Za-zA-Z0-9+.-+:" before making a redirection. This allows a malicious client to pass an XSS payload...
kinvey-angular-sdk (>=3.4.0 <=3.5.3), kinvey-angular2-sdk (>=3.4.1 <=3.5.2) +6 more potentially affected by CVE-2020-7741 via hellojs (>=1.13.1 <=1.14.1)
hellojs NPM version =1.13.1, =3.4.0, =3.4.1, =3.4.1, =3.4.0, =3.4.1, =3.4.0, =3.4.0, =3.4.1, =3.5.2 Source cves: CVE-2020-7741 Source advisory: OSV:GHSA-7JH9-6CPF-H4M7...
CVE-2020-7741
This affects the package hellojs before 1.18.6. The code get the param oauthredirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauthredirect, such as javascript:alert1...
CVE-2020-7741 Cross-site Scripting (XSS)
This affects the package hellojs before 1.18.6. The code get the param oauthredirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauthredirect, such as javascript:alert1...