CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2023/03/15 2:0 a.m.•10 views

MAL-2023-734 Malicious code in react-screen-reader-announce (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc94449e1dfbaea67fc7604cd192d90a355930f498364278937ae27e64050540 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

OSSF Malicious Packages•added 2023/03/15 2:0 a.m.•3 views

Malicious code in fluent-ui-react-latest (npm)

6.9AI score

OSSF Malicious Packages•added 2023/03/15 2:0 a.m.•5 views

Malicious code in react-advanced-breadcrumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43ca4841853fdec8c951bcbb886eb3fbf01574178c614c25db2ed6a608d31d45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

OSSF Malicious Packages•added 2023/03/15 2:0 a.m.•4 views

Malicious code in react-screen-reader-announce (npm)

6.9AI score

OSV•added 2023/03/15 2:0 a.m.•9 views

MAL-2023-723 Malicious code in react-advanced-breadcrumbs (npm)

7AI score

Snyk•added 2023/03/14 8:19 a.m.•2 views

Malicious Package

Overview cp-react-ui-lib is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

Snyk•added 2023/03/13 8:18 a.m.•2 views

Malicious Package

Overview react-advanced-breadcrumbs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

Snyk•added 2023/03/13 8:18 a.m.•2 views

Malicious Package

Overview react-screen-reader-announce is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

Veracode•added 2023/03/03 3:42 a.m.•33 views

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to React's render cycle in the "Text" plugin which passes through the unsanitized HTML code, allowing an attacker with an editor role to inject and execute malicious JavaScript, and take over the...

6.4CVSS5.4AI score0.1546EPSS

Exploits0References7Affected Software1

Tenable Nessus•added 2023/03/03 12:0 a.m.•37 views

FreeBSD : Grafana -- Stored XSS in text panel plugin (6dccc186-b824-11ed-b695-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6dccc186-b824-11ed-b695-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal...

6.4CVSS7.2AI score0.01562EPSS

NVD•added 2023/03/02 1:15 a.m.•18 views

CVE-2023-22462

Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be...

6.4CVSS6.7AI score0.01562EPSS

Exploits0References4

AlpineLinux•added 2023/03/02 1:15 a.m.•34 views

CVE-2023-22462

6.4CVSS5.8AI score0.01562EPSS

Exploits0

Prion•added 2023/03/02 1:15 a.m.•21 views

Cross site scripting

4.9CVSS5.4AI score0.1546EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2023/03/02 12:6 a.m.•15 views

CVE-2023-22462 Stored XSS in Grafana Text plugin

6.4CVSS6.2AI score0.01562EPSS

Exploits0References4

Cvelist•added 2023/03/02 12:6 a.m.•21 views

CVE-2023-22462 Stored XSS in Grafana Text plugin

6.4CVSS6.8AI score0.01562EPSS

Exploits0References4

OSV•added 2023/03/02 12:6 a.m.•24 views

CVE-2023-22462 Stored XSS in Grafana Text plugin

6.4CVSS7.3AI score0.1546EPSS

Exploits0References6

Patchstack•added 2023/03/02 12:0 a.m.•7 views

WordPress React Webcam Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software React Webcam Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0365 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID cf5bf1433f54 Credits Lana Codes Required...

5.4CVSS5.9AI score0.00471EPSS

Exploits2References4Affected Software1

Snyk•added 2023/03/01 8:18 a.m.•2 views

Malicious Package

Overview react-test-renderer-17 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Snyk•added 2023/02/21 8:17 a.m.•3 views

Malicious Package

Overview tools-access-react is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...