2 matches found
Cross-Site Scripting (XSS)
molecularfaces is vulnerable to cross-site scripting. The vulnerability exists due to the viewer plugin implementation of rendering the molfile data directly inside a...
JavaScript execution via malicious molfiles (XSS)
Impact The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...