23 matches found
EUVD-2022-1753
Malicious code in bioql PyPI...
EUVD-2022-1843
Malicious code in bioql PyPI...
CVE-2022-1295
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2...
Cross-site Scripting (XSS)
fullpage.js is vulnerable to cross-site scripting. Lack of sanitization of anchor URL before putting it in anchor href in alvarotrigo/fullpage.js allows an attacker to inject malicious javascript...
Cross-site Scripting in fullpage.js
Using fullpage.js you can create an anchor tag. But when you put an href in the anchor, it does not sanitize the URL, which allows for a break in the context of the anchor element and can add our new element...
GHSA-H3CQ-J957-VHXG Cross-site Scripting in fullpage.js
Using fullpage.js you can create an anchor tag. But when you put an href in the anchor, it does not sanitize the URL, which allows for a break in the context of the anchor element and can add our new element...
CVE-2022-1330
stored xss due to unsanitized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss...
CVE-2022-1330
stored xss due to unsanitized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss...
Cross site scripting
stored xss due to unsanitized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss...
CVE-2022-1330 stored xss due to unsanitized anchor url in alvarotrigo/fullpage.js
stored xss due to unsanitized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss...
CVE-2022-1330
CVE-2022-1330 affects the fullpage.js library prior to 4.0.4. The vulnerability is a stored cross-site scripting (XSS) flaw caused by unsanitized anchor URLs in href attributes, which can allow injected JavaScript when a page uses fullpage.js. Supported sources consistently describe a stored XSS ...
CVE-2022-1330 stored xss due to unsanitized anchor url in alvarotrigo/fullpage.js
stored xss due to unsanitized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss...
GHSA-VPGW-FFH3-648H Prototype Pollution in fullpage.js
fullPage utils are available to developers using window.fputils. They can use these utils for their own use-case other than fullPage as well. However, one of the utils, deepExtend, is vulnerable to a Prototype Pollution vulnerability. JavaScript is a "prototype" language, which means when a new "object"...
@chrismou/ember-cli-fullpage-js (>=1.0.0 <=1.0.4), @fullpage/angular-fullpage (>=0.0.1 <=0.0.16) +28 more potentially affected by CVE-2022-1295 via fullpage.js (>=2.7.9 <=3.1.2)
fullpage.js NPM version =2.7.9, =1.0.0, =0.0.1, =0.0.1, =1.0.1, =0.0.14, =1.0.15, =0.2.1, =1.0.0, =1.0.7, =0.1.16, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2022-1295 Source advisory: OSV:GHSA-VPGW-FFH3-648H...
fullpage.js cross-site scripting vulnerability
fullpage.js is an easy-to-use library for creating full-screen scrolling websites also known as single-page websites or mono-page websites and adding horizontal sliders to various parts of the website. A cross-site scripting vulnerability exists in fullpage.js prior to 4.0.4. No information about...
stored xss due to unsanitized anchor url
BUG ====== stored xss due to unsanitized anchor url SUMMARY ========= Using fullpage.js you can create an anchor tag. But when you put an href in the anchor, it does not sanitize the URL, which allows breaking the context of the anchor element and can add our new element. I see main javascript or other javascript...
CVE-2022-1295
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2...
CVE-2022-1295
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2...
Design/Logic Flaw
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2...
CVE-2022-1295 Prototype Pollution in alvarotrigo/fullpage.js
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2...