CVE-2024-21485

Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...

Cross-Site Scripting (XSS)

dash-core-components are vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to improper handling of the href attribute of the tag when the href attribute is controlled by an adversary. This allows an attacker to steal data that is visible to another user who opens a view...

buzzword (>=1.2.1 <=1.2.3), dash-tokamak (=1.6.0) +22 more potentially affected by CVE-2024-21485 via dash-core-components (>=0.22.1 <=1.9.1)

dash-core-components PYPI version =0.22.1, =1.2.1, =0.1.0, =2.0.0b0, =0.1.0, =0.1.0, =0.2.0, =1.0.0, =0.0.2, =0.1.13 and more Source cves: CVE-2024-21485 Source advisory: OSV:GHSA-547X-748V-VP6P...

CVE-2024-21485

Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...

CVE-2024-21485

Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...

Cross site scripting

Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...

PYSEC-2024-35

Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...

CVE-2024-21485

Dash Framework (Dash, dash-core-components, dash-html-components) versions before 2.15.0 (core components before 2.13.0/2.0.0; html components before 2.0.0/2.0.16) are vulnerable to Cross-site Scripting (XSS) when the href attribute of an anchor tag is controlled by an attacker. The vulnerability...

CVE-2024-21485

Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...

Cross-site Scripting (XSS)

Overview dash-core-components is a Core component suite for Dash Affected versions of this package are vulnerable to Cross-site Scripting XSS when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data...

Cross-site Scripting (XSS)

Overview dash-core-components is a library that provides the core React component suite for Dash. Affected versions of this package are vulnerable to Cross-site Scripting XSS when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this...

PT-2024-18904 · Unknown +1 · Dash-Core-Components +2

Name of the Vulnerable Software and Affected Versions: dash-core-components versions prior to 2.13.0 dash versions prior to 2.15.0 dash-html-components versions prior to 2.0.16 Description: The issue allows an authenticated attacker to steal data visible to another user who opens a view that...