Lucene search
K

5 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-5525

Malicious code in bioql PyPI...

5.1CVSS6.4AI score0.00238EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/03 6:31 p.m.14 views

tsup DOM Clobbering vulnerability

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

5.1CVSS7.9AI score0.00238EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.2 views

tsup 跨站脚本漏洞

tsup is one of the easiest and fastest ways to bundle TypeScript libraries for EGOIST individual developers. A security vulnerability exists in tsup version v8.3.4, which stems from DOM Clobbering from import.meta.url to document.currentScript, allowing execution of arbitrary code...

5.1CVSS6.8AI score0.00238EPSS
Exploits1References3
OSV
OSV
added 2025/03/03 12:0 a.m.4 views

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

5.1CVSS7.8AI score0.00238EPSS
Exploits1References3
OSV
OSV
added 2024/09/23 10:11 p.m.4 views

GHSA-GCX4-MW62-G8WM DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in rollup when bundling scripts that use import.meta.url or with plugins that emit and reference asset files from code in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XSS in web pages where scriptless...

8.3CVSS6.9AI score0.007EPSS
Exploits1References7
Rows per page
Query Builder