11 matches found
EUVD-2024-2182
Malicious code in bioql PyPI...
CVE-2024-37166
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...
CVE-2024-37166
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...
ghtml Cross-Site Scripting (XSS) vulnerability
Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken - Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive protecti...
fastify-html (>=0.3.3 <=0.4.0) potentially affected by CVE-2024-37166 via ghtml (=1.7.2)
ghtml NPM version =1.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on ghtml and may be impacted: - fastify-html =0.3.3, =0.4.0 Source cves: CVE-2024-37166 Source advisory: OSV:GHSA-VVHJ-V88F-5GXR...
GHSA-VVHJ-V88F-5GXR ghtml Cross-Site Scripting (XSS) vulnerability
Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken - Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive protecti...
CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...
CVE-2024-37166
CVE-2024-37166 affects the ghtml template engine. It enables user-controlled JavaScript execution in some render paths, i.e., an XSS risk. Version 2.0.0 adds mitigations by escaping HTML-special characters and the backtick, but the advisory states this does not provide comprehensive XSS protectio...
CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...
CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...
ghtml Cross-Site Scripting Vulnerability
ghtml is a toolkit by the individual developer Gürgün Dayıoğlu. A cross-site scripting vulnerability exists in ghtml versions prior to 2.0.0, which stems from unprocessed attribute value encoding and lack of control over href values, and could lead to cross-site scripting...