5 matches found
EUVD-2025-5525
Malicious code in bioql PyPI...
tsup DOM Clobbering vulnerability
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...
tsup 跨站脚本漏洞
tsup is one of the easiest and fastest ways to bundle TypeScript libraries for EGOIST individual developers. A security vulnerability exists in tsup version v8.3.4, which stems from DOM Clobbering from import.meta.url to document.currentScript, allowing execution of arbitrary code...
CVE-2024-53384
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...
GHSA-GCX4-MW62-G8WM DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Summary We discovered a DOM Clobbering vulnerability in rollup when bundling scripts that use import.meta.url or with plugins that emit and reference asset files from code in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XSS in web pages where scriptless...