12 matches found
EUVD-2022-1612
Malicious code in bioql PyPI...
CVE-2022-1243
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
GHSA-3VJF-82FF-P4R3 Incorrect protocol extraction via \r, \n and \t characters
\r, \n and \t characters in user-input URLs can potentially lead to incorrect protocol extraction when using npm package urijs prior to version 1.19.11. This can lead to XSS when the module is used to prevent passing in malicious javascript: links into HTML or Javascript see following example:...
CVE-2022-1243
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1243
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
Cross site scripting
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1243 CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1243 CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1243
CVE-2022-1243 concerns the medialize/uri.js library. The issue, caused by CRHTLF, can lead to invalid protocol extraction and potential cross‑site scripting (XSS) when processing user‑supplied URLs in uri.js prior to version 1.19.11. The vulnerability affects medialize/uri.js used by projects suc...
Medialize URI.js 安全漏洞
Medialize URI.js is a Javascript-based code library from the Medialize team that can be used to efficiently splice URLs. A security vulnerability exists in Medialize URI.js versions prior to 1.19.11, which stems from CRHTLF resulting in invalid protocol extraction...
PT-2022-13743 · Medialize · Uri.Js
Name of the Vulnerable Software and Affected Versions: medialize/uri.js versions prior to 1.19.11 Description: The issue is related to CRHTLF, which can lead to invalid protocol extraction, potentially resulting in XSS. Specifically, characters such as r, , and t in user-input URLs can cause...
CRHTLF can lead to invalid protocol extraction potentially leading to XSS
Description \r, \n, \t characters in the URI can lead to XSS as URI.js will fail to extract javascript: protocol from a URI. See Section 4.4 Step 3 "Remove all ASCII tab or newline from input." of the WHATWG URL spec. Proof of Concept const parse = require'urijs' const express = require'express'...