MAL-2023-1440 Malicious code in react-dropzone-legacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2617d06d7f7e79da19c8a24acc1e620c9a46dcf8b6a5087f482081c2badff0de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-native-transparent-video (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfc4c56c3c11c9b9f70d9cc95f941b8549be2b5b18c367c51ed8d531cb0f2ca6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-1441 Malicious code in react-native-transparent-video (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfc4c56c3c11c9b9f70d9cc95f941b8549be2b5b18c367c51ed8d531cb0f2ca6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-toolbox-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 422a604d191acbb8c624bc1ef790995e034a891c2bb65d4fdf729675ed8d4ae6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-1018 Malicious code in react-toolbox-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 422a604d191acbb8c624bc1ef790995e034a891c2bb65d4fdf729675ed8d4ae6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-intl-cdo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis afcb5984f676ea2bd3bfbbac709ca2328833be4441f0579e0ce29032a7d860e4 The OpenSSF Package Analysis project identified 'react-intl-cdo' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2023-1281 Malicious code in react-intl-cdo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis afcb5984f676ea2bd3bfbbac709ca2328833be4441f0579e0ce29032a7d860e4 The OpenSSF Package Analysis project identified 'react-intl-cdo' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in uitk-react-action-list-item (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c5ae6c09c0106f49a13c2a2b42ec5ae87f855fce905b95188d6645f263a17bf8 The OpenSSF Package Analysis project identified 'uitk-react-action-list-item' @ 99.99.1 npm as malicious. It is considered malicious because: -...

Malicious code in @mendeley-internal/react-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4b3c54bd49a9cb3df935485579edbec49aa244d45e1a1f0535ceb9ee0c278871 The OpenSSF Package Analysis project identified '@mendeley-internal/react-ui' @ 100.0.1 npm as malicious. It is considered malicious because: -...

CVE-2023-37259

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...

CVE-2023-37259 Cross site scripting in Export Chat feature

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...

CVE-2023-37259

CVE-2023-37259 affects matrix-react-sdk. The Export Chat feature injects attacker-controlled elements into a generated document without proper escaping, causing stored XSS. The exploit runs from the null origin (document-only context) but can be used to leak message contents; a malicious homeserv...

CVE-2023-37259 Cross site scripting in Export Chat feature

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...

CVE-2023-37259 Cross site scripting in Export Chat feature

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...

matrix-react-sdk 跨站脚本漏洞

matrix-react-sdk is a Matrix open source component for inserting the Matrix chat/voip client into web pages. A cross-site scripting vulnerability exists in matrix-react-sdk versions 3.32.0 through 3.76.0, which stems from the Export Chat feature containing certain attacker-controlled elements in...

MAL-2023-1280 Malicious code in react-green-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3109c997fe1ab2888814f3679bf903a97bce7112d5921a921ae0aea7d787fe3d The OpenSSF Package Analysis project identified 'react-green-ui' @ 10.0.49 npm as malicious. It is considered malicious because: - The package...

Malicious code in react-green-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3109c997fe1ab2888814f3679bf903a97bce7112d5921a921ae0aea7d787fe3d The OpenSSF Package Analysis project identified 'react-green-ui' @ 10.0.49 npm as malicious. It is considered malicious because: - The package...

Malicious code in meetingsdk-sample-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b35b4caef11623ed6a19de27a6ca20f776482dc18bfe6fb11b3d852adb69eed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-587 Malicious code in meetingsdk-sample-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b35b4caef11623ed6a19de27a6ca20f776482dc18bfe6fb11b3d852adb69eed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @calizahq/react-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 736249350ff22b093bcff8631c4b2722b245bb27b2ef003fdf490a7171dc3c77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...