10 matches found
CVE-2021-32859
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
Baremetrics date range picker vulnerable to Cross-site Scripting
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
GHSA-465F-MXXH-GRC4 Baremetrics date range picker vulnerable to Cross-site Scripting
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
CVE-2021-32859
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
CVE-2021-32859
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
Cross site scripting
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
PT-2023-12191 · Baremetrics · Baremetrics Date Range Picker
Name of the Vulnerable Software and Affected Versions: Baremetrics date range picker versions 1.0.14 and prior Description: The issue is related to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who can influence the placeholder field when creating a Calendar...
CVE-2021-32859 Baremetrics date range picker vulnerable to Cross-site Scripting
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
CVE-2021-32859
CVE-2021-32859 affects the Baremetrics date range picker (Calendar) up to version 1.0.14. The vulnerability arises from improper handling of untrusted placeholder values in Calendar.js, allowing an attacker to inject arbitrary HTML/JavaScript that renders in a user’s context (XSS). The connected ...
GHSA-8RXG-9G6F-VQ9P Malicious Package in another-date-range-picker
Version 4.1.48 of another-date-range-picker contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 4.1.48 of this module is found...