4876 matches found
GHSA-8XQR-4CPM-WX7G Cross-Site Scripting in react-svg
Versions of react-svg before 2.2.18 are vulnerable to cross-site scripting xss. This is due to the fact that scripts found in SVG files are run by default. Recommendation Update to version 2.2.18 or later...
Node.js third-party modules: Lack of input validation and sanitization in react-autolinker-wrapper library causes XSS
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report XSS in...
@abdelilah/react-rich-text (=0.0.1), @bemit/flood-admin (>=0.1.2 <=0.1.6) +36 more potentially affected by CVE-2019-12043 via remarkable (>=1.3.0 <=1.7.1)
remarkable NPM version =1.3.0, =0.1.2, =0.1.0, =0.1.0, =4.0.0, =5.17.1, =1.1.2, =0.0.23, =0.0.23, =0.1.0, =2.0.0-beta0, =0.1.9, =0.2.1 - docpack =1.0.0-alpha and more Source cves: CVE-2019-12043 Source advisory: OSV:GHSA-36M4-6V6M-4VPR...
4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3260 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)
mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...
Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. How to use If you have no idea what are you doing just type the command below or check out the Advanced Usage ./osmedeus.py -t example.com Installation git clone...
@anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1), @gorangajic/react-native-markdown (=0.1.1) +22 more potentially affected by CVE-2019-9844 via simple-markdown (>=0.0.9 <=0.4.2)
simple-markdown NPM version =0.0.9, =1.0.3, =1.3.0, =1.0.1, =1.0.4, =2.3.0, =0.1.0, =1.2.0, =2.4.0, =1.2.0, =1.1.0, =1.0.0, =1.10.0 and more Source cves: CVE-2019-9844 Source advisory: OSV:GHSA-QJ3F-9GMQ-FWV5...
@anujboddu/searchbar (>=2.0.0 <=2.1.1), @dlghq/dialog-components (>=0.146.0 <=0.149.7) +42 more potentially affected by CVE-2018-6341 via react-dom (>=16.1.0 <=16.1.1)
react-dom NPM version =16.1.0, =2.0.0, =0.146.0, =4.0.1, =0.0.7, =1.0.0, =1.0.0, =1.1.0, =1.3.9, =1.1.10, =1.0.6, =0.0.12, =0.1.0, =3.6.3, =3.7.4 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...
@belong-ui/button (>=0.0.1 <=0.1.4), @belong-ui/checkbox (>=0.0.10 <=0.1.4) +135 more potentially affected by CVE-2018-6341 via react-dom (=16.0.0)
react-dom NPM version =16.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-dom and may be impacted: - @belong-ui/button =0.0.1, =0.0.10, =0.0.4, =0.0.6, =0.1.3, =0.0.5, =0.1.1, =0.0.12, =0.0.11, =0.0.7, =0.1.3, =0.0.1, =1.2.7, =1.2.7, =1.2.7,...
@akiolabs/analytics (>=0.0.3 <=0.0.4), @akiolabs/app (>=0.0.2 <=0.0.4) +221 more potentially affected by CVE-2018-6341 via react-dom (>=16.4.0 <=16.4.1)
react-dom NPM version =16.4.0, =0.0.3, =0.0.2, =0.0.1, =2018.5.24-0, =2018.6.17-2, =2018.7.11-0, =0.4.1, =0.1.0-latest.1a450bb3, =1.0.0-beta.0, =0.0.2, =0.0.22-alpha.1, =1.1.0, =1.0.0, =1.6.1 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...
Cross-Site Scripting in react-dom
Affected versions of react-dom are vulnerable to Cross-Site Scripting XSS. The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by...
@activelylearn/react-pdf (=2.5.2), @aglet/components (>=1.3.3 <=2.0.1) +331 more potentially affected by CVE-2018-6341 via react-dom (=16.2.0)
react-dom NPM version =16.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-dom and may be impacted: - @activelylearn/react-pdf =2.5.2 - @aglet/components =1.3.3, =0.1.1-alpha.0, =1.0.5, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =3.0.4,...
GHSA-MVJJ-GQQ2-P4HW Cross-Site Scripting in react-dom
Affected versions of react-dom are vulnerable to Cross-Site Scripting XSS. The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by...
@amory/patch-gatsby (>=2018.4.29-8 <=2018.5.11-5), @amory/patches (>=2018.5.11-6 <=2018.5.23-7) +226 more potentially affected by CVE-2018-6341 via react-dom (>=16.3.0 <=16.3.2)
react-dom NPM version =16.3.0, =2018.4.29-8, =2018.5.11-6, =2.0.0-rc.2, =0.0.5, =0.0.1, =1.9.1, =1.3.2, =1.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.3.2, =1.1.0, =1.1.3 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...
@yaochuxia/roadhog (=1.0.9), svmx-react-scripts (>=1.1.4 <=1.1.17) +1 more potentially affected by CVE-2018-6342 via react-dev-utils (=2.0.1)
react-dev-utils NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-dev-utils and may be impacted: - @yaochuxia/roadhog =1.0.9 - svmx-react-scripts =1.1.4, =0.1.0, =0.1.1 Source cves: CVE-2018-6342 Source advisory:...
@5minutes2start/react-scripts (>=1.1.2 <=1.1.4), @biko/react-scripts (>=0.1.0 <=0.4.0) +132 more potentially affected by CVE-2018-6342 via react-dev-utils (>=4.0.0 <=4.2.1)
react-dev-utils NPM version =4.0.0, =1.1.2, =0.1.0, =0.8.12, =0.1.0, =0.0.1, =2.13.0, =2.14.0, =0.2.0, =0.3.0, =0.2.2, =0.2.10-SNAPSHOT.481, =0.2.10-SNAPSHOT.673 - @leizeng/react-scripts-ts =2.13.0 and more Source cves: CVE-2018-6342 Source advisory: OSV:GHSA-29GP-92WP-94Q8...
@enact/cli (>=0.9.6 <=0.9.8), abt.api.web (=0.0.3) +26 more potentially affected by CVE-2018-6342 via react-dev-utils (>=3.0.0 <=3.1.1)
react-dev-utils NPM version =3.0.0, =0.9.6, =4.2.0, =1.5.1, =0.15.0, =0.7.0, =0.7.0, =0.1.0, =0.1.4, =1.9.2, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2018-6342 Source advisory: OSV:GHSA-29GP-92WP-94Q8...
react-dev-utils on Windows vulnerable to Remote Code Execution
react-dev-utils on Windows is vulnerable to remote code execution. Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c...
@1337lawyers/design (>=0.1.0 <=0.1.38), @9188/w-cli (>=1.0.0 <=1.0.4) +50 more potentially affected by CVE-2018-6342 via react-dev-utils (>=5.0.0 <=5.0.1)
react-dev-utils NPM version =5.0.0, =0.1.0, =1.0.0, =0.4.1, =0.1.0-latest.1a450bb3, =1.0.5, =1.0.0-beta.28, =1.0.1, =1.0.0, =1.0.0, =0.26.4, =0.0.0-legacy, =3.10.0-beta.0, =0.1.0-alpha.0, =2.1.16, =2.3.5 - aqxy-common-ui =0.0.1 and more Source cves: CVE-2018-6342 Source advisory:...
GHSA-29GP-92WP-94Q8 react-dev-utils on Windows vulnerable to Remote Code Execution
react-dev-utils on Windows is vulnerable to remote code execution. Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c...
Cross site scripting
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was...