11 matches found
Cross-Site Scripting (XSS)
MolecularFaces is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper handling of user input within the viewer plugin implementation of . This allows an attacker to inject arbitrary JavaScript code into the client browser by crafting malicious molfiles...
Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description: MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...
GHSA-WC6F-QJXC-622V Duplicate Advisory: JavaScript execution via malicious molfiles (XSS)
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2pwh-52h7-7j84. This link is maintained to preserve external references. Original Description: MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript...
CVE-2024-0758
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...
CVE-2024-0758
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...
Cross site scripting
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...
CVE-2024-0758
MolecularFaces before 0.3.0 is vulnerable to Cross-Site Scripting (XSS). A remote attacker can inject arbitrary JavaScript into a victim’s browser by crafting malicious molfiles, leveraging improper handling of user input in the viewer component. Affected version range is prior to 0.3.0; exploit ...
CVE-2024-0758 MolecularFaces XSS
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...
GHSA-2PWH-52H7-7J84 JavaScript execution via malicious molfiles (XSS)
Impact: The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches: Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...
JavaScript execution via malicious molfiles (XSS)
Impact: The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches: Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...
PT-2021-24349 · Unknown · Molecularfaces
Name of the Vulnerable Software and Affected Versions: MolecularFaces versions prior to 0.3.0. Description: The issue allows a remote attacker to execute arbitrary JavaScript in the context of a victim browser via crafted molfiles. This is due to the viewer plugin implementation of rendering molfi...