10 matches found

RedhatCVE
added 2025/09/11 11:24 p.m. | 6 views

CVE-2025-59039

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

9.3 CVSS | 6.8 AI score | 0.00116 EPSS
Exploits: 0 | References: 1

CVE
added 2025/09/09 10:23 p.m. | 18 views

CVE-2025-59039

The CVE-2025-59039 incident concerns Prebid Universal Creative (PUC), a JavaScript API used to render multiple formats. NPM users of PUC 1.17.3 or the latest release were briefly affected by crypto-related malware, including via the popular jsDelivr hosting of the PUC file. In response, maintaine...

9.3 CVSS | 6.4 AI score | 0.00116 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/09/09 10:23 p.m. | 10 views

CVE-2025-59039 Prebid Universal Creative on npm briefly compromised

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

9.3 CVSS | 0.00116 EPSS
Exploits: 0 | References: 2

The Hacker News
added 2024/07/09 4:48 a.m. | 44 views

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack. "This attack stands out due to the high variability across packages," Phylum said in an analysis...

7.4 AI score
Exploits: 0

HackRead
added 2023/07/21 7:9 p.m. | 12 views

Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks

By Habiba Rashid. In the interconnected world of web development, open-source components play a vital role, facilitating collaboration and code sharing…

7.1 AI score
Exploits: 0

Openbugbounty
added 2023/04/12 8:11 a.m. | 12 views

jsdelivr.com Cross Site Scripting vulnerability OBB-3258630

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9 AI score
Exploits: 0

Hacker One
added 2015/05/14 10:10 a.m. | 66 views

jsDelivr: Pretty Photo Dom XSS

Hi Team, the JavaScript for http://www.jsdelivr.com/!prettyphoto hosted on the website points to 3.1.5, which is vulnerable to DOM XSS. The upstream released an update, 3.1.6, 7 days back; still the CDN is serving the vulnerable edition, effectively making all the websites vulnerable to DOM XSS. Details about the...

0.1 AI score
Exploits: 0

Hacker One
added 2014/06/29 11:26 a.m. | 35 views

jsDelivr: HSTS Policy not enabled on cdn.jsdelivr.net

This one provides protection against MITM attacks on SSL. You should enable this just in case. Hope this helps...

1.4 AI score
Exploits: 0

Hacker One
added 2014/06/29 10:13 a.m. | 40 views

jsDelivr: Using nmap revealing sensitive information

check this = http://prntscr.com/3xlww2 nmap scan result . Starting Nmap 6.46 http://nmap.org at 2014-06-29 15:34 India Standard Time NSE: Loaded 30 scripts for scanning. NSE: Script Pre-scanning. Initiating Parallel DNS resolution of 1 host. at 15:35 Completed Parallel DNS resolution of 1 host. a...

0.1 AI score
Exploits: 0

Hacker One
added 2014/06/29 9:47 a.m. | 51 views

jsDelivr: XSS

Dear Team, Step-by-step instructions on how to reproduce the problem: It was found the application is vulnerable to XSS attack. To achieve the same, open this link http://staging.jsdelivr.net/g//%3Cimg/src=%22%3E%22+onerror=alert%28927942%29%3E in Firefox. It can't prompt because there is nothing jus...

0.3 AI score
Exploits: 0