CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVE-2022-36060 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

CVE-2023-28103

CVE-2023-28103 affects matrix-react-sdk (Matrix JS/React SDK). In certain configurations, data from remote servers containing special strings in key locations could cause prototype pollution by modifying Object.prototype, disrupting sdk functionality and potentially causing denial of service or l...

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

CVE-2023-28103

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2022-36060 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2022-36060 Source advisory: OSV:GHSA-2X9C-QWGF-94XR...

GHSA-2X9C-QWGF-94XR matrix-react-sdk Prototype pollution vulnerability

Impact Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. Patches...

PT-2023-21561 · Unknown · Matrix-React-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions prior to 3.69.0 Description: The issue arises when data sent by remote servers contains special strings in key locations, potentially modifying the Object.prototype and disrupting the functionality of matrix-react-sd...

matrix-react-sdk 安全漏洞

Travis Ralston matrix-react-sdk is a Travis Ralston open source application. It is used to insert the Matrix chat/voice client into web pages. A security vulnerability exists in matrix-react-sdk versions prior to 3.53.0, which stems from an event sent using a special string in a critical location...

PT-2023-13454 · Unknown · Matrix-React-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions prior to 3.53.0 Description: Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remaind...

matrix-react-sdk 安全漏洞

Travis Ralston matrix-react-sdk is a Travis Ralston open source application. It is used to insert the Matrix chat/voice client into a web page. A security vulnerability exists in matrix-react-sdk, which originates from data sent from a remote server that could result in some functionality being...

CVE-2023-0365

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0365

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Cross site scripting

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0365

The CVE-2023-0365 entry concerns the React Webcam WordPress plugin (versions

CVE-2023-0365 React Webcam <= 1.2.0 - Contributor+ Stored XSS

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0365 React Webcam <= 1.2.0 - Contributor+ Stored XSS

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2023-16215 · WordPress · React Webcam Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: React Webcam WordPress plugin version 1.2.0 Description: The issue is related to the React Webcam WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the...

WordPress plugin React Webcam 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...