3 matches found
CVE-2026-33732
srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...
Cross-Site Scripting (XSS)
github.com/techarohq/anubis is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of the ?redir= parameter in the /.within.website/x/cmd/anubis/api/pass-challenge route, which allows an attacker to craft malicious pass-challenge pages that execute arbitrary...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PassChallenge function, which forces a redirect to nonstandard URLs. An attacker can execute arbitrary JavaScript code or trigger nonstandard URL schemes by enticing a user to interact with a maliciously...