Lucene search

86 matches found

Prion
added 2022/06/27 12:15 p.m. · 14 views

Server side request forgery (ssrf)

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0...

CVSS 7.5 · AI score 9.6 · EPSS 0.01533
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/06/27 12:10 p.m. · 40 views

CVE-2022-2216 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0...

CVSS 9.4 · AI score 9.8 · EPSS 0.01533
Exploits: 1 · References: 2

CVE
added 2022/06/27 12:10 p.m. · 97 views

CVE-2022-2216

CVE-2022-2216 corresponds to a Server-Side Request Forgery (SSRF) in the GitHub repository ionicabizau/parse-url, affecting versions prior to 7.0.0. The connected documents describe the issue as an SSRF flaw in the URL parsing logic (with references noting potential local file access). The root c...

CVSS 9.8 · AI score 9.6 · EPSS 0.01533
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2022/06/27 12:10 p.m. · 23 views

CVE-2022-2216 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0...

CVSS 9.4 · AI score 9.3 · EPSS 0.01533
Exploits: 1 · References: 4

Cvelist
added 2022/06/27 12:10 p.m. · 30 views

CVE-2022-2218 Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url

Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...

CVSS 9.1 · AI score 6.2 · EPSS 0.00857
Exploits: 1 · References: 2

CVE
added 2022/06/27 12:10 p.m. · 79 views

CVE-2022-2218

CVE-2022-2218 describes a stored XSS vulnerability in the parse-url library by ionicabizau, affecting versions prior to 7.0.0. The issue allows an attacker to place malicious JavaScript on a page via the vulnerable parse-url handling. The provided documents confirm the vulnerability but do not sp...

CVSS 9.1 · AI score 6.2 · EPSS 0.00857
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2022/06/27 12:10 p.m. · 20 views

CVE-2022-2218 Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url

Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...

CVSS 9.1 · AI score 8.2 · EPSS 0.00857
Exploits: 1 · References: 4

ATTACKERKB
added 2022/06/27 11:15 a.m. · 4 views

CVE-2022-0722

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0...

CVSS 7.5 · AI score 5.5 · EPSS 0.01104
Exploits: 1 · References: 3

ATTACKERKB
added 2022/06/27 11:15 a.m. · 2 views

CVE-2022-2217

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0...

CVSS 9.1 · AI score 6.9 · EPSS 0.00955
Exploits: 1 · References: 3

NVD
added 2022/06/27 11:15 a.m. · 25 views

CVE-2022-2217

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0...

CVSS 9.1 · EPSS 0.00955
Exploits: 1 · References: 2

CVE
added 2022/06/27 10:15 a.m. · 97 views

CVE-2022-2217

The CVE-2022-2217 issue is a cross-site scripting (XSS) vulnerability in the npm package parse-url (GitHub: ionicabizau/parse-url) affecting versions prior to 7.0.0. The root cause is the ability to inject or execute malicious JavaScript on webpages produced by the affected package through craft...

CVSS 9.1 · AI score 6.2 · EPSS 0.00955
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2022/06/27 12:00 a.m. · 4 views

parse-url code issue vulnerability

parse-url is an advanced url parser with git url support from the individual developer Ionică Bizău. A code issue vulnerability exists in parse-url versions prior to 7.0.0, which stems from improper handling of usernames and passwords, undetected hostnames, and can be exploited by an attacker to...

CVSS 9.8 · AI score 8.3 · EPSS 0.01533
Exploits: 1 · References: 3

CNNVD
added 2022/06/27 12:00 a.m. · 2 views

parse-url information disclosure vulnerability

parse-url is an advanced url parser with git url support. An information disclosure vulnerability exists in versions of parse-url prior to 7.0.0, which can be exploited by attackers to expose sensitive information to unauthorized participants...

CVSS 7.5 · AI score 5.7 · EPSS 0.01104
Exploits: 1 · References: 4

CNNVD
added 2022/06/27 12:00 a.m. · 5 views

parse-url cross-site scripting vulnerability

parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the ability to run malicious JS code using ASCII characters starting with and all special escape characters starting with Unicode, which can...

CVSS 9.1 · AI score 5.6 · EPSS 0.00955
Exploits: 1 · References: 3

CNNVD
added 2022/06/27 12:00 a.m. · 53 views

parse-url cross-site scripting vulnerability

parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the fact that the last fix can be bypassed, and which can be exploited by an attacker to place any malicious JS code on a web page...

CVSS 9.1 · AI score 5.6 · EPSS 0.00857
Exploits: 1 · References: 3

Positive Technologies
added 2022/06/27 12:00 a.m. · 3 views

PT-2022-15277 · Parse-Url · Url-Parse

Name of the Vulnerable Software and Affected Versions: parse-url versions prior to 7.0.0. Description: The issue is related to Server-Side Request Forgery (SSRF) in the parse-url repository. This allows for the exploitation of parse URL to read local files. Recommendations: For versions prior to...

CVSS 9.8 · AI score 8.9 · EPSS 0.01533
Exploits: 1 · References: 9

Huntr
added 2022/06/11 12:57 p.m. · 10 views

Cross Site Scripting via Improper Input Validation

Description: The 5.0.8 version of the parse-url parser does not check the :// characters between protocols. This causes spoofing of the javascript protocol itself. Additionally, protocol spoofing does not occur in url-parse, new URL, or url.parse, only in parse-url. Proof of Concept: const parseU...

AI score 0.4
Exploits: 0

Huntr
added 2022/03/11 5:26 p.m. · 24 views

hostname spoofing via Improper Input Validation

Description When to use the parse-url, If user put the https://google.comhashvalue as argument, parse-url doesn't parse the hash value and parses hostname and hash together as hostname. http://localhost/hashvalue and http://localhosthashvalue are the same.. txt - new URL of node ❯ node -e...

AI score 7.1
Exploits: 0

Huntr
added 2022/03/09 11:22 a.m. · 7 views

Open Redirect

Description: parse-url parses the url as https://google.com::/test, and if two or more colons are inserted in the port part, the port is parsed as one hostname. txt - node - url.parse ❯ node -e 'console.log(require("url").parse("https://google.com::/test"))' Url protocol: 'https:', slashes: true, auth:...

AI score 0.1
Exploits: 0

Huntr
added 2022/02/24 6:18 p.m. · 10 views

Improper Input Validation

Description: If an attacker inserts a null byte at the beginning of the javascript scheme, parse will not parse the javascript scheme properly. Therefore, all null bytes must be removed before parsing. Proof of Concept (javascript): const parseUrl = require("parse-url") url =...

AI score 0.6
Exploits: 0 · References: 1