4876 matches found

OSV
added 2021/05/06 3:52 p.m., 1 view

GHSA-QCG2-H349-VWM3 Cross-site Scripting in React Draft Wysiwyg

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

CVSS 5.4, AI score 5.9, EPSS 0.00263
Exploits: 1, References: 4

Github Security Blog
added 2021/05/06 3:52 p.m., 34 views

Cross-site Scripting in React Draft Wysiwyg

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

CVSS 5.4, AI score 5.5, EPSS 0.00263
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2021/04/24 9:15 p.m., 15 views

CVE-2021-31712

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

CVSS 5.4, AI score 6.7
Exploits: 0, References: 3

NVD
added 2021/04/24 9:15 p.m., 7 views

CVE-2021-31712

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

CVSS 5.4, EPSS 0.00263
Exploits: 1, References: 3

Prion
added 2021/04/24 9:15 p.m., 11 views

Cross site scripting

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

CVSS 3.5, AI score 5.4, EPSS 0.00263
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2021/04/24 8:56 p.m., 11 views

CVE-2021-31712

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

AI score 5.7, EPSS 0.00263
Exploits: 1, References: 3

CVE
added 2021/04/24 8:56 p.m., 53 views

CVE-2021-31712

React Draft Wysiwyg (react-draft-wysiwyg) prior to 1.14.6 is vulnerable to XSS via a javascript: URI in a Link Target within decorators/Link/index.js when a draft is shared across users. The issue is documented across multiple feeds (including CVE-2021-31712 entries and Red Hat/Veracode advisorie...

CVSS 5.4, AI score 5.3, EPSS 0.00263
Exploits: 1, References: 3, Affected Software: 1

CNNVD
added 2021/04/24 12:00 a.m., 0 views

react-draft-wysiwyg cross-site scripting vulnerability

react-draft-wysiwyg is an application. Wysiwyg editor built with ReactJS and DraftJS libraries. A cross-site scripting vulnerability exists in react-draft-wysiwyg versions prior to 1.14.6, which stems from allowing a javascript: URI in decorators/Link/index.js...

CVSS 5.4, AI score 5.4, EPSS 0.00263
Exploits: 1, References: 5

vulnersOsv
added 2021/04/13 3:22 p.m., 1 view

@joshmccall/atomic-stories (>=0.0.0-semantically-released <=1.9.5), abmcontent (=0.1.0) +3 more potentially affected by CVE-2020-7787 via react-adal (>=0.3.15 <=0.4.24)

react-adal NPM version =0.3.15, =0.0.0-semantically-released, =0.1.0, =0.1.3 - widgettestcomponent =0.1.0 Source cves: CVE-2020-7787 Source advisory: OSV:GHSA-7MPX-VG3C-CMR4...

CVSS 8.2, AI score 7.2, EPSS 0.00267
Exploits: 1

Github Security Blog
added 2021/04/13 3:22 p.m., 68 views

Improper Authentication in react-adal

This affects versions of react-adal 0.5.1. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by h...

CVSS 8.2, AI score 7.6, EPSS 0.00267
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2021/04/13 3:22 p.m., 16 views

GHSA-7MPX-VG3C-CMR4 Improper Authentication in react-adal

This affects versions of react-adal 0.5.1. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by h...

CVSS 8.2, AI score 7.9, EPSS 0.00267
Exploits: 1, References: 4

vulnersOsv
added 2021/04/13 3:22 p.m., 0 views

@concepto/eb (>=1.1.7 <=1.1.95), @concepto/nuxt (=1.9.427) +11 more potentially affected by CVE-2019-10804 via serial-number (>=0.3.0 <=1.3.0)

serial-number NPM version =0.3.0, =1.1.7, =0.0.1, =1.9.35, =1.1.0, =1.1.1, =0.2.1, =0.1.4, =0.1.1, =0.1.24, =2.5.0, =3.1.1 Source cves: CVE-2019-10804 Source advisory: OSV:GHSA-3FW4-4H3M-892H...

CVSS 9.8, AI score 7.2, EPSS 0.00578
Exploits: 1

vulnersOsv
added 2021/04/13 3:21 p.m., 1 view

@gsandf/react-native-oauth (>=2.1.16 <=2.2.2), react-native-oauth (>=1.1.0 <=2.2.0) +5 more potentially affected by CVE-2019-10805 via valib (=2.0.0)

valib NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on valib and may be impacted: - @gsandf/react-native-oauth =2.1.16, =1.1.0, =2.1.16, =2.1.15, =0.1.0, =0.4.6 Source cves: CVE-2019-10805 Source advisory: OSV:GHSA-PMPR-VC5Q-H3JW...

CVSS 7.5, AI score 7.1, EPSS 0.00227
Exploits: 1

vulnersOsv
added 2021/04/13 3:19 p.m., 0 views

@jheubuch/ng-ws-template (>=1.0.1 <=1.0.2), pg-generator (>=3.5.0 <=4.8.3) +1 more potentially affected by CVE-2021-26275 via eslint-fixer (=0.1.5)

eslint-fixer NPM version =0.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on eslint-fixer and may be impacted: - @jheubuch/ng-ws-template =1.0.1, =3.5.0, =4.8.3 - pg-generator-react-template =0.1.0 Source cves: CVE-2021-26275 Source advisory:...

CVSS 10, AI score 7.2, EPSS 0.0627
Exploits: 1

vulnersOsv
added 2021/03/11 10:26 p.m., 4 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +5687 more potentially affected by CVE-2021-24033 via react-dev-utils (>=0.4.0 <=11.0.3)

react-dev-utils NPM version =0.4.0, =1.0.1, =0.1.0, =0.1.2, =1.0.3, =0.1.0, =0.1.21, =1.0.0, =0.1.0, =2.0.5, =2.2.0 and more Source cves: CVE-2021-24033 Source advisory: OSV:GHSA-5Q6M-3H65-W53X...

CVSS 6.8, AI score 6.1, EPSS 0.01439
Exploits: 1

Github Security Blog
added 2021/03/11 10:26 p.m., 75 views

react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVSS 6.8, AI score 3.2, EPSS 0.01439
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2021/03/11 10:26 p.m., 0 views

GHSA-5Q6M-3H65-W53X react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVSS 5.6, AI score 7, EPSS 0.01439
Exploits: 1, References: 6

Veracode
added 2021/03/10 6:06 a.m., 32 views

OS Command Injection

react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of child_process.execFileSync in the function getProcessIdOnPort...

CVSS 5.6, AI score 6.3, EPSS 0.01439
Exploits: 1, References: 2, Affected Software: 1

RedhatCVE
added 2021/03/09 9:03 a.m., 28 views

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVSS 6.8, AI score 3.2, EPSS 0.01439
Exploits: 1, References: 5

NVD
added 2021/03/09 1:15 a.m., 20 views

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVSS 6.8, EPSS 0.01439
Exploits: 1, References: 2