5 matches found
CVE-2024-43370
creationtimestamp| type| source ---|---|--- 2024-08-16 05:21:42+00:00| seen| https://t.me/cvedetector/3315...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
@superdesk/build-tools (>=1.0.0 <=2.0.1), @ucp-npm/components (>=0.0.4-beta <=0.0.19-beta) +5 more potentially affected by CVE-2024-43370 via gettext.js (>=0.5.5 <=1.2.0)
gettext.js NPM version =0.5.5, =1.0.0, =0.0.4-beta, =1.0.0, =1.0.1, =1.0.0, =0.0.6, =0.0.12 - gettext.js-po-loader =0.0.2 Source cves: CVE-2024-43370 Source advisory: OSV:GHSA-VWHG-JWR4-VXGG...