Insufficient Verification of Data Authenticity

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker...

GHSA-XJ5X-M3F3-5X3H Electron: Service worker can spoof executeJavaScript IPC replies

Impact A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...

CVE-2025-8535 cronoh NanoVault xrb URL main.js executeJavaScript cross site scripting

A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-8535 cronoh NanoVault xrb URL main.js executeJavaScript cross site scripting

A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

NanoVault 安全漏洞

NanoVault is an open source wallet software using Nano cryptocurrency by Andrew Steele, an individual developer. A security vulnerability exists in NanoVault 1.2.1 and earlier versions, which stems from a cross-site scripting vulnerability in the function executeJavaScript in file/main.js...