CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

CVE-2023-25572

CVE-2023-25572 concerns react-admin and related RA UI Material-UI before 3.19.12/4.7.6, where the RichTextField outputs HTML via dangerouslySetInnerHTML without client-side sanitization. If server-side data isn’t sanitized, this enables cross-site scripting (XSS) across React applications built w...

PT-2023-20171 · Unknown · Ra-Ui-Materialui +1

Name of the Vulnerable Software and Affected Versions: react-admin versions prior to 3.19.12 and 4.7.6 ra-ui-materialui versions prior to 3.19.12 and 4.7.6 Description: The issue affects all React applications built with react-admin and using the . This component outputs the field value using...

react-admin 跨站脚本漏洞

react-admin is a front-end framework for building data-driven applications that run in the browser on top of a REST/GraphQL API, using ES6, React, and Material Design. A security vulnerability exists in react-admin versions 3.x prior to 3.19.12 and 4.x prior to 4.7.6, which stems from the presenc...

@540deg/react-native-simple-markdown (>=1.1.1 <=1.1.2), @anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1) +29 more potentially affected by CVE-2019-25102 via simple-markdown (>=0.0.9 <=0.5.3)

simple-markdown NPM version =0.0.9, =1.1.1, =1.0.3, =1.3.0, =1.0.1, =1.1.1, =1.1.74, =1.0.8, =1.0.4, =2.3.0, =3.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2019-25102 Source advisory: OSV:GHSA-J533-2G8V-PMPG...

@540deg/react-native-simple-markdown (>=1.1.1 <=1.1.2), @anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1) +29 more potentially affected by CVE-2019-25103 via simple-markdown (>=0.0.9 <=0.4.4)

simple-markdown NPM version =0.0.9, =1.1.1, =1.0.3, =1.3.0, =1.0.1, =1.1.1, =1.1.74, =1.0.8, =1.0.4, =2.3.0, =3.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2019-25103 Source advisory: OSV:GHSA-GPVJ-GP8C-C7P2...

Malicious code in fronton-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d44f273938402bf07c8942f200cf613694ff6b357a5800e67b88a47dc620f019 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-461 Malicious code in fronton-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d44f273938402bf07c8942f200cf613694ff6b357a5800e67b88a47dc620f019 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +21418 more potentially affected by CVE-2022-25881 via http-cache-semantics (>=3.7.3 <=4.1.0)

http-cache-semantics NPM version =3.7.3, =1.0.0, =2.5.0, =0.0.1, =0.0.4 - 1095h-cli =1.0.1 - 10secondsofcode-custom =1.0.0 and more Source cves: CVE-2022-25881 Source advisory: OSV:GHSA-RC47-6667-2J5J...

Malicious Package

Overview shopee-ui-react is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

Malicious Package

Overview react-dropzone-3 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

Detection of Vulnerabilities in JavaScript Libraries

JavaScript is a popular programming language which is an integral component while developing interactive and dynamic web applications. It allows developers to create engaging and responsive user interfaces, handling complex web page elements, enhancing the overall functionality of the application...

reactrouter.com Open Redirect vulnerability OBB-3151756

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-22491

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

Design/Logic Flaw

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

MAL-2023-49 Malicious code in @playgami/eslint-config-portal-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4be15151b5b32f83c0928b720d19807598f2d07da01e47b15a580083f99000f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Grafana -- Stored XSS in text panel plugin

Grafana Labs reports: During an internal audit of Grafana on January 1, a member of the security team found a stored XSS vulnerability affecting the core text plugin. The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due...

Malicious code in experience-template-renderer-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afa26f6f8649c313b48cb94b98dd23d01c15d0bc8cce3dfdfa2af4e410b133ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...