2 matches found
GHSA-WC6F-QJXC-622V Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...
GHSA-2PWH-52H7-7J84 JavaScript execution via malicious molfiles (XSS)
Impact The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...