3 matches found
CVE-2020-7749
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ... . As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which...
CVE-2020-7749
The CVE-2020-7749 issue affects all versions of osm-static-maps where user input is passed directly to a template without escaping ({{{ ... }}}). This enables injection of arbitrary HTML/JS, leading to XSS in the rendered page and, in server contexts (e.g., Puppeteer), potential SSRF and Local Fi...
CVE-2020-7749 Server-side Request Forgery (SSRF)
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ... . As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which...