4 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-48345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sanitize-url aka @braintree/sanitize-url before 6.0.2 allows XSS via HTML entities. CVE-2022-48345 Note that Nessus relies on the presence of the package as...
Security Bulletin: Vulnerability in sanitize-url affects IBM Process Mining . CVE-2022-48345
Summary There is a vulnerability in sanitize-url that could allow a remote attacker to execute script in a victim's Web browser due to cross-site scripting. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
@0xgg/echomd (>=1.0.0 <=1.0.4), @adobe/parliament-ui-components (>=4.6.0 <=5.1.0) +743 more potentially affected by CVE-2022-48345 via @braintree/sanitize-url (>=1.0.0 <=6.0.0)
@braintree/sanitize-url NPM version =1.0.0, =1.0.0, =4.6.0, =2.6.1, =0.1.0, =0.0.18, =0.0.0-development, =6.8.0, =0.1.2, =2.2.2, =0.5.0, =3.23.0, =0.0.0-nightly-2020972106, =0.1.1-alpha.19, =0.1.1-alpha.21 and more Source cves: CVE-2022-48345 Source advisory: OSV:GHSA-Q8GG-VJ6M-HGMJ...
CVE-2022-48345
CVE-2022-48345 affects sanitize-url (aka @braintree/sanitize-url) before 6.0.2, allowing XSS via HTML entities. Public references show fixes moving to 6.0.2+ (e.g., commit and release notes comparing 6.0.1 → 6.0.2). Remediation: upgrade to 6.0.2 or later.