CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

Cross-site scripting in react-bootstrap-table

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

CVE-2021-23398

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

CVE-2021-23398 Cross-site Scripting (XSS)

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

Cross site scripting

In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting XSS attacks...

CVE-2020-15119

CVE-2020-15119 concerns the auth0-lock widget. Vulnerability: using dangerouslySetInnerHTML to update the DOM can enable cross-site scripting (XSS) when Passwordless or Enterprise connections are used. Affected versions: before and including 11.25.1. Impact: potential exposure of arbitrary JavaSc...

CVE-2020-15119 DOM-based XSS in auth0-lock

In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting XSS attacks...

DOM-based XSS

Overview Versions before and including 11.25.1 are using dangerouslySetInnerHTML to display an informational message when used with a Passwordless or Enterprise connection. For Passwordless connection, the value of the input email or phone number is displayed back to the user while waiting for...

CVE-2020-12113

BigBlueButton is affected by CVE-2020-12113: prior to version 2.2.4, the Web UI is vulnerable to cross-site scripting via closed captions because dangerouslySetInnerHTML is used in React. This vulnerability allows XSS as described in multiple sources (e.g., BigBlueButton’s 2.2.4 release notes and...

BigBlueButton < 2.2.4 - Reflected Cross-Site Scripting (XSS)

XSS via closed captions because dangerouslySetInnerHTML in React is used...