4914 matches found
MAL-2023-32 Malicious code in @calizahq/react-components (npm)
Source: ghsa-malware 78111dabb5b94f4d258c4b3b5fdcf32bdf408683de24f695841292aa83dc073a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @calizahq/react-components (npm)
Source: ghsa-malware 78111dabb5b94f4d258c4b3b5fdcf32bdf408683de24f695841292aa83dc073a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-liveness (npm)
Source: ghsa-malware 47194814149429b2ad255dd7af25f5f896c60db91a66c27a1e0ab4ebf077bde1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-725 Malicious code in react-liveness (npm)
Source: ghsa-malware 47194814149429b2ad255dd7af25f5f896c60db91a66c27a1e0ab4ebf077bde1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cache-react (npm)
Source: checkmarx 967892bb014a13ae52c15c89a3f5ebbdc8e841bf2fd8dbe6502400f91357503d Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-153 Malicious code in cache-react (npm)
Source: checkmarx 967892bb014a13ae52c15c89a3f5ebbdc8e841bf2fd8dbe6502400f91357503d Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +336 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts-upgradeable (>=4.7.0 <=4.8.3)
@openzeppelin/contracts-upgradeable NPM version =4.7.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =3.1.0 - @abheektripathy/nftpass =1.1.0 and more Source cves: CVE-2023-34459 Source advisory:...
CVE-2023-3294
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...
Cross site scripting
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...
CVE-2023-3294 Cross-site Scripting (XSS) - DOM in saleor/react-storefront
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...
CVE-2023-3294
CVE-2023-3294 corresponds to a DOM-based XSS in saleor/react-storefront (GitHub repo) prior to the commit c29aab226f07ca980cc19787dcef101e11b83ef7. Multiple sources (NVD, Red Hat, OSV, CVE listings, Huntr) describe a cross-site scripting vulnerability in the React storefront with potential user i...
CVE-2023-3294 Cross-site Scripting (XSS) - DOM in saleor/react-storefront
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...
react-storefront cross-site scripting vulnerability
react-storefront is Saleor's open source React.js storefront built with Next.js. A cross-site scripting vulnerability exists in react-storefront. An attacker can exploit this vulnerability to perform stored cross-site scripting (XSS) attacks...
CVE-2023-3294 Cross-site Scripting (XSS) - DOM in saleor/react-storefront
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...
Malicious code in tslib-react (npm)
Source: checkmarx ef2c27850230a6ec89e578f414b36de97f9850b32450c33921cb68699cf3ba38 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Malicious code in react-router-packages (npm)
Source: ghsa-malware 329da6645c0b4c1b67bd28d5bc5b0cde6725f995276a8a0e93bed30b180921ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-733 Malicious code in react-router-packages (npm)
Source: ghsa-malware 329da6645c0b4c1b67bd28d5bc5b0cde6725f995276a8a0e93bed30b180921ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-34245
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
CVE-2023-34245 Cross site scripting (XSS) in @udecode/plate-link
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
CVE-2023-34245
CVE-2023-34245 affects @udecode/plate-link, the link handler for the Plate editor (Slate/React). Affected versions allow javascript: URLs to be rendered into the DOM due to inadequate URL sanitization, enabling potential XSS through links inserted by various means. The patch in plate-li...