EUVD-2018-0768

Malware in sbrugna...

EUVD-2018-0771

Malware in sbrugna...

GHSA-Q69P-5H74-W36F Content Injection via TileJSON Name in mapbox.js

Versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.shareControl are used in a manner that gives users control of the TileJSON content, it is possible to inject script...

sheetsee (>=0.0.1 <=0.0.3), sheetsee-maps (>=0.0.0 <=0.2.4) potentially affected by CVE-2017-1000043 via mapbox.js (=1.3.1)

mapbox.js NPM version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on mapbox.js and may be impacted: - sheetsee =0.0.1, =0.0.0, =0.2.4 Source cves: CVE-2017-1000043 Source advisory: OSV:GHSA-Q69P-5H74-W36F...

Content Injection via TileJSON Name in mapbox.js

Versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.shareControl are used in a manner that gives users control of the TileJSON content, it is possible to inject script...

GHSA-QR28-7J6P-9HMV Content Injection via TileJSON attribute in mapbox.js

Versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.tileLayer are used to load untrusted TileJSON content from a non-Mapbox URL, it is possible for a malicious user with...

Content Injection via TileJSON attribute in mapbox.js

Versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.tileLayer are used to load untrusted TileJSON content from a non-Mapbox URL, it is possible for a malicious user with...

CVE-2017-1000043

Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control...

CVE-2017-1000043

Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control...

CVE-2017-1000042

Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name...

Cross site scripting

Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control...

Cross site scripting

Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name...

CVE-2017-1000042

Mapbox.js is affected by a cross-site scripting (XSS) vulnerability in TileJSON handling. Versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable when untrusted TileJSON content is loaded via L.mapbox.map or L.mapbox.tileLayer from non-Mapbox URLs, allowing script injection in the TileJ...

CVE-2017-1000042

Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name...

CVE-2017-1000043

Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control...

CVE-2017-1000043

The CVE refers to a cross-site scripting vulnerability in Mapbox.js. Affected versions are 1.x before 1.6.6 and 2.x before 2.2.4, where using L.mapbox.map or L.mapbox.shareControl with TileJSON content under user control can allow injection of script content into the TileJSON name field. After th...

Mapbox Mapbox.js HTML Injection Vulnerability

Mapbox Mapbox.js is a JavaScript plugin for quickly creating maps. An HTML injection vulnerability exists in Mapbox Mapbox.js, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack user...

mapbox-rails Content Injection via TileJSON Name

Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If you use L.mapbox.map and L.mapbox.shareControl it is possible for a malicious user with control over the TileJSON content to inject script content...

Content Injection via TileJSON Name

Overview Versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.shareControl are used in a manner that gives users control of the TileJSON content, it is possible to inject...

Content Injection via TileJSON attribute

Overview Versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.tileLayer are used to load untrusted TileJSON content from a non-Mapbox URL, it is possible for a malicious use...