12 matches found
EUVD-2023-2286
Malicious code in bioql PyPI...
CVE-2021-26505
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6 allows remote attackers to execute arbitrary code via the hello.utils.extend function...
MrSwitch hello.js vulnerable to prototype pollution
A prototype pollution vulnerability in MrSwitch hello.js prior to version 1.18.8 allows remote attackers to execute arbitrary code via the hello.utils.extend function...
CVE-2021-26505
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6 allows remote attackers to execute arbitrary code via the hello.utils.extend function...
CVE-2021-26505
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6 allows remote attackers to execute arbitrary code via the hello.utils.extend function...
Code injection
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6 allows remote attackers to execute arbitrary code via the hello.utils.extend function...
CVE-2021-26505
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6 allows remote attackers to execute arbitrary code via the hello.utils.extend function...
CVE-2021-26505
CVE-2021-26505 affects MrSwitch hello.js (v1.18.6). The vulnerability is a prototype pollution flaw in hello.utils.extend that allows remote code execution. Related advisories indicate fixes in v1.18.8 and later; higher-risk impact is confirmed (remote, no user interaction).
Cross-Site Scripting (XSS)
Overview: In affected versions of hellojs hello.js there is a cross-site scripting bug. The code gets the param oauthredirect from the URL and passes it to location.assign without any check or sanitisation. It is possible to simply pass some XSS payloads into the URL param oauthredirect, such as...
GHSA-7JH9-6CPF-H4M7 XSS in hello.js
This affects the package hello.js before 1.18.6. The code gets the param oauthredirect from the URL and passes it to location.assign without any check or sanitisation. So we can simply pass some XSS payloads into the URL param oauthredirect, such as javascript:alert1...
XSS in hello.js
This affects the package hello.js before 1.18.6. The code gets the param oauthredirect from the URL and passes it to location.assign without any check or sanitisation. So we can simply pass some XSS payloads into the URL param oauthredirect, such as javascript:alert1...
PT-2020-19758 · Hello.Js · Hellojs
Name of the Vulnerable Software and Affected Versions: hellojs versions prior to 1.18.6; hello.js versions prior to 1.18.6. Description: The issue arises from the package getting the oauth redirect parameter from the URL and passing it to location.assign without proper checks and sanitization. This...