4876 matches found
CVE-2022-29230
Hydrogen (Shopify) has a reported Cross-Site Scripting (XSS) vulnerability affecting version range 0.10.0 to 0.18.0, exploitable when hydrating data is user-controlled. The issue may allow an arbitrary script to run in pages built with Hydrogen. A fix is available: upgrade to v0.19.0; CSP is not ...
MAL-2022-5434 Malicious code in pp-react-buttons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 000ff8cda66b7a099f0780508fa3aa26f9c586ea54c2ec040c448b46ba5e8a97 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
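The MAL entry above says any host with this package installed is to be treated as fully compromised, so the first practical question is whether the package is anywhere in a project's install tree, including as a transitive dependency. The following is an added example, not code from the advisory or from any project: it reads a parsed package-lock.json (lockfileVersion 1, 2 or 3) and lists every path at which a package of the given name resolves. The two sample lockfiles are constructed.

```javascript
// Added example (not from the advisory or any project): find every install
// path of a named package in a parsed package-lock.json, any lockfile version.
function findInstalledPackage(lock, name) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue;
      // last "node_modules/" segment gives the package name, scoped names included
      const tail = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
      if ((meta.name || tail) === name) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" objects, one level per node_modules
  const walk = (deps, prefix) => {
    for (const [depName, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${depName}`;
      if (depName === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (same tree in v3 and v1 form): the package is
// not a direct dependency, it arrives transitively through a UI kit.
const sampleLockV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'storefront', dependencies: { 'some-ui-kit': '^1.0.0' } },
    'node_modules/some-ui-kit': { version: '1.4.2', dependencies: { 'pp-react-buttons': '*' } },
    'node_modules/some-ui-kit/node_modules/pp-react-buttons': { version: '0.0.1' },
  },
};
const sampleLockV1 = {
  lockfileVersion: 1,
  dependencies: {
    'some-ui-kit': {
      version: '1.4.2',
      dependencies: { 'pp-react-buttons': { version: '0.0.1' } },
    },
  },
};
```

Run it against a real lockfile with `findInstalledPackage(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')), 'pp-react-buttons')`. A hit means the entry's guidance applies to every host that ran `npm install` from that lockfile; an empty result only covers this project, not global installs or a machine where the package was installed and later removed.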
Hydrogen cross-site scripting vulnerability
Hydrogen is a React-based framework from Shopify for building dynamic, custom storefronts powered by Shopify. A cross-site scripting vulnerability exists in Hydrogen versions 0.10.0 through 0.18.0, which can be exploited by an attacker to execute script on pages built...
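Both Hydrogen entries above (CVE-2022-29230 and the translated summary) describe the same bug class: server state that includes user-controlled strings is embedded in an inline script for client hydration, and a string can break out of that script. The following is an added example, not Hydrogen's or Shopify's code, showing a generic vulnerable serializer beside a hardened one; the function names and the sample state are assumptions.

```javascript
// Added example (not Hydrogen's or Shopify's code): hydration data embedded in
// an inline <script>, vulnerable form and hardened form.

// Vulnerable: JSON.stringify escapes quotes and backslashes but leaves "<"
// alone, so a string inside the state can close the hydration script early
// and open a new one that the browser executes.
function renderHydrationUnsafe(state) {
  return '<script>window.__STATE__ = ' + JSON.stringify(state) + ';</script>';
}

// Hardened: rewrite every character that could end the script element or be
// misread by the HTML/JS parsers as a \uXXXX escape. The output is still valid
// JSON, so the client parses it unchanged.
function serializeForInlineScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderHydrationSafe(state) {
  return '<script>window.__STATE__ = ' + serializeForInlineScript(state) + ';</script>';
}

// Check: number of "<script" openers in the emitted HTML. A correct hydration
// block has exactly one; a second one means the payload reached the HTML
// parser as markup instead of staying inside the JSON string.
function countScriptOpeners(html) {
  return (html.match(/<script/gi) || []).length;
}

// Constructed sample: a search term the attacker controls via the URL and the
// server echoes into the hydration state.
const attackerState = {
  query: '</script><script>alert(document.cookie)</script>',
};
```

With `attackerState`, `renderHydrationUnsafe` emits two script elements and the second one runs; `renderHydrationSafe` emits one, and `JSON.parse` on the client still recovers the original query string. Escaping is the fix the entry points to because a CSP that permits the inline hydration script also permits the injected one.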
PayloadCMS arbitrary file upload vulnerability
PayloadCMS is a headless CMS and application framework built using TypeScript, Node.js, React and MongoDB. PayloadCMS is vulnerable to arbitrary file upload, which attackers can exploit to execute arbitrary code via crafted SVG files...
JHipster SQL Injection Vulnerability
JHipster is an open source application builder that develops web applications and microservices primarily using Angular or React and the Spring Framework. JHipster suffers from a SQL injection vulnerability that stems from the application's failure to validate externally supplied input before it is used in SQL statements, whic...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 00ld8nuivn (=2.1.0) +40769 more potentially affected by CVE-2022-24772 via node-forge (>=0.10.0 <=1.2.1)
node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...
CVE-2022-24740
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
GHSA-CFHH-XGWQ-5R67 Sudden swap of user auth tokens in Volto
Impact: Due to the use of an outdated version of the react-cookie library, under high server load it is possible for a user's auth cookie to be replaced with the auth cookie of another user, effectively giving them full access to the other user's account...
Spoofing Attack
swagger-ui-react is vulnerable to a spoofing attack. The vulnerability allows remote attackers to make the victim's UI load a remote OpenAPI definition of the attacker's choosing by persuading the victim to open a specially crafted URL...
Volto authorization vulnerability
Volto is a ReactJS-based front-end for the Plone content management system. Volto is vulnerable to an authentication vulnerability that could be exploited by attackers to replace its authentication cookies with authentication cookies from other users, effectively giving them control over other...
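The three Volto entries above (CVE-2022-24740, GHSA-CFHH-XGWQ-5R67 and the translated summary) describe a failure mode that only shows up under load: cookie state that should belong to one request is held somewhere shared on the server, so two overlapping requests can read each other's auth cookie. The following is an added example, not Volto's or react-cookie's code, that models the class deterministically: each request handler is a generator that yields where real code would await, and a round-robin scheduler interleaves them. The handler shapes, field names and sample requests are assumptions.

```javascript
// Added example (not Volto's or react-cookie's code): why a process-wide
// cookie holder hands one user's auth cookie to another under concurrency.

// Pattern A (the bug class): one module-level cookie holder for the process.
const sharedCookies = { auth_token: null };

function* handleWithSharedHolder(req, responses) {
  sharedCookies.auth_token = req.cookies.auth_token;  // load this request's cookie
  yield;                                               // await backend; other requests run here
  responses.push({ user: req.user, authCookie: sharedCookies.auth_token }); // respond
}

// Pattern B (the fix): a holder created per request and passed along.
function* handleWithPerRequestHolder(req, responses) {
  const cookies = { auth_token: req.cookies.auth_token };
  yield;
  responses.push({ user: req.user, authCookie: cookies.auth_token });
}

// Low load: each request runs to completion before the next starts.
function runSequential(handler, requests) {
  const responses = [];
  for (const req of requests) {
    const gen = handler(req, responses);
    while (!gen.next().done) { /* drain */ }
  }
  return responses;
}

// High load: every in-flight request is advanced one step per round, the
// interleaving a saturated event loop produces.
function runInterleaved(handler, requests) {
  const responses = [];
  let inFlight = requests.map((req) => handler(req, responses));
  while (inFlight.length > 0) {
    inFlight = inFlight.filter((gen) => !gen.next().done);
  }
  return responses;
}

// Count responses carrying a cookie other than the one that user sent.
function countSwappedCookies(responses, requests) {
  const expected = new Map(requests.map((r) => [r.user, r.cookies.auth_token]));
  return responses.filter((r) => r.authCookie !== expected.get(r.user)).length;
}

// Constructed sample: two users' requests overlapping on the same server.
const sampleRequests = [
  { user: 'alice', cookies: { auth_token: 'tok-alice' } },
  { user: 'bob',   cookies: { auth_token: 'tok-bob' } },
];
```

With the shared holder, `runSequential` swaps nothing and `runInterleaved` answers alice with bob's cookie, which is the "only under high load" behaviour the advisory describes; the per-request holder swaps nothing under either schedule. The check a reviewer applies to SSR code is that no request-scoped value (cookies, headers, user) lives in a module-level variable or singleton.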
GHSA-MF22-92PM-M8P8 Cross site scripting in @awsui/components-react
Impact: Components could potentially allow cross-site scripting (XSS) in certain circumstances. These components could render content without adequate neutralization. Patches: Fixed in 3.0.367...
CVE-2022-24709
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...
Design/Logic Flaw
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...
CVE-2022-24709 Cross site scripting in @awsui/components-react
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...
CVE-2022-24709
The CVE-2022-24709 entry concerns @awsui/components-react (the AWS UI React component library). Affected versions before 3.0.367 fail to properly neutralize user input, which may permit JavaScript injection (XSS) when rendering content. The issue has been characterized across multiple sources as ...
components-react cross-site scripting vulnerability
components-react is a set of React components that help create intuitive, responsive and accessible user experiences for web applications. A cross-site scripting vulnerability exists in versions prior to @awsui/components-react 3.0.367 that could allow javascript injection...