19 matches found
EUVD-2021-2530
Malware in sbrugna...
CVE-2020-7642
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
Malicious code in espn-lazysizes (npm)
Source: ghsa-malware 60130f7b2b231061cc46a7cd1f6e01e416c6eaa83410e500788fd34809d817e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2853 Malicious code in espn-lazysizes (npm)
Source: ghsa-malware 60130f7b2b231061cc46a7cd1f6e01e416c6eaa83410e500788fd34809d817e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-254 Malicious code in @espn-lazysizes/fetlife-assets (npm)
Source: ghsa-malware e54f13287006cc46085a40aefef14b533bc8c03a746796ea46c41ea4b6249eb6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site scripting in lazysizes
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
GHSA-HG2P-2CVQ-4PPV Cross-site scripting in lazysizes
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
Cross-Site Scripting in lazysizes
Versions of lazysizes prior to 5.2.1-rc1 are vulnerable to Cross-Site Scripting. The video-embed plugin fails to sanitize the following attributes: data-vimeo, data-vimeoparams, data-youtube and data-ytparams. This allows attackers to execute arbitrary JavaScript in a victim's browser if the...
GHSA-W4VP-3MQ7-7V82 Cross-Site Scripting in lazysizes
Versions of lazysizes prior to 5.2.1-rc1 are vulnerable to Cross-Site Scripting. The video-embed plugin fails to sanitize the following attributes: data-vimeo, data-vimeoparams, data-youtube and data-ytparams. This allows attackers to execute arbitrary JavaScript in a victim's browser if the...
Lazysizes Cross-Site Scripting Vulnerability
lazysizes is a lightweight lazy loader. It is mainly used for delayed loading of content such as images, iframes and scripts. A security vulnerability exists in lazysizes 5.2.0 and earlier versions, which stems from the program's failure to sanitize the following attributes: data-vimeo,...
CVE-2020-7642
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
CVE-2020-7642
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
Design/Logic Flaw
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
CVE-2020-7642
CVE-2020-7642 affects lazysizes up to version 5.2.0, where the video-embed plugin fails to sanitize attributes data-vimeo, data-vimeoparams, data-youtube, and data-ytparams, enabling injection of malicious JavaScript. The vulnerability is tied to how untrusted payloads can be executed through the...
CVE-2020-7642
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
norska (>=0.7.0 <=0.8.4), norska-frontend (>=0.7.4 <=0.9.11) +5 more potentially affected by CVE-2020-7642 via lazysizes (>=5.1.1 <=5.2.0)
lazysizes NPM version =5.1.1, =0.7.0, =0.7.4, =0.7.4, =2.1.4, =0.5.2, =0.5.2, =0.7.2 - sov =0.2.4 Source cves: CVE-2020-7642 Source advisory: SNYK:JS-LAZYSIZES-567144...
Cross-site Scripting (XSS)
Overview: lazysizes is a fast, jank-free, SEO-friendly and self-initializing lazyloader for images including responsive images picture/srcset, iframes, scripts/widgets and much more. It also prioritizes resources by differentiating between crucial in view and near view elements to make perceived...
Cross-Site Scripting
Overview: Versions of lazysizes prior to 5.2.1-rc1 are vulnerable to Cross-Site Scripting. The video-embed plugin fails to sanitize the following attributes: data-vimeo, data-vimeoparams, data-youtube and data-ytparams. This allows attackers to execute arbitrary JavaScript in a victim's browser if...
Cross-Site Scripting (XSS)
lazysizes is vulnerable to cross-site scripting (XSS). The attributes data-vimeo, data-vimeoparams, data-youtube and data-ytparams are not sanitized by the video-embed plugin, allowing a remote attacker to inject and execute arbitrary JavaScript in the user's browser via the affected parameters...