11 matches found
EUVD-2021-1155
Malware in sbrugna...
Injection and Cross-site Scripting in osm-static-maps
This affects all versions of package osm-static-maps under 3.9.0. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and, depending on the context, it will be output as HTML on the...
GHSA-PXCF-V868-M492 Injection and Cross-site Scripting in osm-static-maps
This affects all versions of package osm-static-maps under 3.9.0. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and, depending on the context, it will be output as HTML on the...
osm-static-maps code injection vulnerability
osm-static-maps is a Google-like static maps npm library for individual developers. An injection vulnerability exists in all versions of osm-static-maps, where user input provided to the package is passed directly to the template and is not escaped. An attacker can exploit this vulnerability...
Template Injection
osm-static-maps is vulnerable to template injection. Lack of validation of user input into the template parameter tileserverUrl allows an attacker to inject arbitrary JavaScript/HTML in a user's browser, perform requests on behalf of the user or read arbitrary local files...
CVE-2020-7749
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and, depending on the context, it will be output as HTML on the page which...
CVE-2020-7749
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and, depending on the context, it will be output as HTML on the page which...
Design/Logic Flaw
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and, depending on the context, it will be output as HTML on the page which...
CVE-2020-7749
The CVE-2020-7749 issue affects all versions of osm-static-maps where user input is passed directly to a template without escaping ({{{ ... }}}). This enables injection of arbitrary HTML/JS, leading to XSS in the rendered page and, in server contexts (e.g., Puppeteer), potential SSRF and Local Fi...
CVE-2020-7749 Server-side Request Forgery (SSRF)
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and, depending on the context, it will be output as HTML on the page which...
Server-side Request Forgery (SSRF)
Overview: osm-static-maps creates a static image of a map with the features you want. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an...