Lucene search
K

4 matches found

Prion
Prion
added 2022/08/29 9:15 p.m.22 views

Authorization

In oauth2-server aka node-oauth2-server through 3.1.1, the value of the redirecturi parameter received during the authorization and token request is checked against an incorrect URI pattern "a-zA-Za-zA-Z0-9+.-+:" before making a redirection. This allows a malicious client to pass an XSS payload...

6.4CVSS7.8AI score0.01476EPSS
Exploits1References5Affected Software1
vulnersOsv
vulnersOsv
added 2021/01/13 7:7 p.m.6 views

kinvey-angular-sdk (>=3.4.0 <=3.5.3), kinvey-angular2-sdk (>=3.4.1 <=3.5.2) +6 more potentially affected by CVE-2020-7741 via hellojs (>=1.13.1 <=1.14.1)

hellojs NPM version =1.13.1, =3.4.0, =3.4.1, =3.4.1, =3.4.0, =3.4.1, =3.4.0, =3.4.0, =3.4.1, =3.5.2 Source cves: CVE-2020-7741 Source advisory: OSV:GHSA-7JH9-6CPF-H4M7...

9.9CVSS7.1AI score0.01476EPSS
Exploits0
OSV
OSV
added 2020/10/06 3:15 p.m.15 views

CVE-2020-7741

This affects the package hellojs before 1.18.6. The code get the param oauthredirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauthredirect, such as javascript:alert1...

9.9CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 2020/10/06 2:30 p.m.33 views

CVE-2020-7741 Cross-site Scripting (XSS)

This affects the package hellojs before 1.18.6. The code get the param oauthredirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauthredirect, such as javascript:alert1...

9.9CVSS8.1AI score0.01476EPSS
Exploits0References3
Rows per page
Query Builder