3 matches found
CVE-2020-8823
A cross-site scripting XSS vulnerability was found in the Node.js library, sockjs. An attacker could use this vulnerability to supply a query string with script tags, which could trick a victim into executing a specially crafted JavaScript code...
CVE-2020-8823
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c aka callback parameter...
CVE-2020-8823
SockJS contains a reflected XSS in htmlfile.js (lib/transport/htmlfile.js) exploitable via the /htmlfile callback parameter. Affected: SockJS prior to 0.3.0 (per CVE-2020-8823) with the issue described as Reflected XSS. Root cause is improper handling of non-alphanumeric characters in the callbac...