4914 matches found

Snyk, added 2023/02/21 8:17 a.m.

Malicious Package

Overview: mobile-auth-library-react-native is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable ...

CVSS 9.8, AI score 7.1
Exploits: 0, References: 3
Snyk, added 2023/02/21 8:16 a.m.

Malicious Package

Overview: react-wp-viewer is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

CVSS 9.8, AI score 7.1
Exploits: 0, References: 3
Snyk, added 2023/02/21 8:16 a.m.

Malicious Package

Overview: tools-access-react-redux is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8, AI score 7.1
Exploits: 0, References: 3
Snyk, added 2023/02/21 8:16 a.m.

Malicious Package

Overview: ifoodshop-react-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

CVSS 9.8, AI score 7.1
Exploits: 0, References: 3
wpexploit, added 2023/02/21 12:00 a.m.

React Webcam <= 1.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. reactwebcam dir='" onmouseover="alert1"...

CVSS 5.4, AI score 5.2, EPSS 0.00471
Exploits: 2
WPVulnDB, added 2023/02/21 12:00 a.m.

React Webcam <= 1.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC reactwebcam dir='" onmouseover="alert1"...

CVSS 5.4, AI score 5, EPSS 0.00471
Exploits: 2, Affected Software: 1
vulnersOsv, added 2023/02/15 3:15 p.m.

3lc (>=2.3.84 <=2.6.4), aiocronjob (>=0.6.0 <=0.7.0) +10 more potentially affected by CVE-2023-25578 via starlite (>=1.39.0 <=1.51.16)

starlite PYPI version =1.39.0, =2.3.84, =0.6.0, =0.4.0, =0.5.1, =1.0.0, =0.1.0, =0.1.3, =1.0.0, =0.1.0, =0.8.1 - strawberry-graphql =0.168.0 Source cves: CVE-2023-25578 Source advisory: OSV:PYSEC-2023-49...

CVSS 7.5, AI score 7.1, EPSS 0.01004
Exploits: 1
Veracode, added 2023/02/14 3:19 a.m.

Cross-site Scripting (XSS)

react-admin is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the dangerouslySetInnerHTML attribute in RichTextField.tsx does not sanitize on the client side. If the data isn't sanitized server-side, the RichTextField attribute allows an attacker to inject and execute...

CVSS 5.4, AI score 5.9, EPSS 0.00694
Exploits: 1, References: 7, Affected Software: 2
vulnersOsv, added 2023/02/14 12:32 a.m.

@activitypods/react (>=2.0.0-alpha.13 <=2.2.0), @amplicode/addon-camunda (>=0.0.1-snapshot.1 <=0.0.1-snapshot.9) +56 more potentially affected by CVE-2023-25572 via react-admin (>=4.12.1 <=4.16.20)

react-admin NPM version =4.12.1, =2.0.0-alpha.13, =0.0.1-snapshot.1, =0.0.1-snapshot.1, =0.0.1, =3.0.0, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.4, =0.1.33, =4.0.0, =1.1.0, =1.0.0, =1.6.7 and more Source cves: CVE-2023-25572 Source advisory: OSV:GHSA-5JCR-82FH-339V...

CVSS 5.4, AI score 6.4, EPSS 0.00694
Exploits: 1
vulnersOsv, added 2023/02/14 12:32 a.m.

@activitypods/react (>=2.0.0-alpha.13 <=2.2.0), @amplicode/addon-camunda (>=0.0.1-snapshot.1 <=0.0.1-snapshot.9) +58 more potentially affected by CVE-2023-25572 via ra-ui-materialui (>=4.12.0 <=4.16.20)

ra-ui-materialui NPM version =4.12.0, =2.0.0-alpha.13, =0.0.1-snapshot.1, =0.0.1-snapshot.1, =0.0.1, =3.0.0, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.4, =0.1.33, =4.0.0, =1.1.0, =1.0.0, =1.6.7 and more Source cves: CVE-2023-25572 Source advisory: OSV:GHSA-5JCR-82FH-339V...

CVSS 5.4, AI score 6.4, EPSS 0.00694
Exploits: 1
OSV, added 2023/02/14 12:32 a.m.

GHSA-5JCR-82FH-339V Cross-Site-Scripting attack on `<RichTextField>`

Impact: All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using dangerouslySetInnerHTML without client-side sanitization. If the data isn't sanitized server-side, this opens a possible Cross-Site-Scripting (XSS) attack. Proof of concept: jsx import...

CVSS 5.4, AI score 7.2, EPSS 0.00694
Exploits: 1, References: 7
Github Security Blog, added 2023/02/14 12:32 a.m.

Cross-Site-Scripting attack on `<RichTextField>`

Impact: All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using dangerouslySetInnerHTML without client-side sanitization. If the data isn't sanitized server-side, this opens a possible Cross-Site-Scripting (XSS) attack. Proof of concept: jsx import...

CVSS 5.4, AI score 5.8, EPSS 0.00694
Exploits: 1, References: 7, Affected Software: 2
vulnersOsv, added 2023/02/14 12:32 a.m.

@api-platform/admin (>=0.5.0 <=1.0.2), @bishoy_melek_wadie/react-admin-firebase (>=0.9.0 <=0.9.1) +69 more potentially affected by CVE-2023-25572 via react-admin (>=2.4.2 <=3.19.11)

react-admin NPM version =2.4.2, =0.5.0, =0.9.0, =0.0.1, =1.0.0, =0.6.5, =0.6.3, =0.8.11, =1.0.1, =1.0.0, =1.0.0, =1.2.0, =1.2.2 and more Source cves: CVE-2023-25572 Source advisory: OSV:GHSA-5JCR-82FH-339V...

CVSS 5.4, AI score 6.4, EPSS 0.00694
Exploits: 1
NVD, added 2023/02/13 9:15 p.m.

CVE-2023-25572

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

CVSS 5.4, AI score 5.1, EPSS 0.00694
Exploits: 1, References: 5
Prion, added 2023/02/13 9:15 p.m.

Cross site scripting

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

CVSS 4.9, AI score 5.2, EPSS 0.00694
Exploits: 1, References: 5, Affected Software: 2
CVE, added 2023/02/13 8:49 p.m.

CVE-2023-25572

CVE-2023-25572 concerns react-admin and related RA UI Material-UI before 3.19.12/4.7.6, where the RichTextField outputs HTML via dangerouslySetInnerHTML without client-side sanitization. If server-side data isn’t sanitized, this enables cross-site scripting (XSS) across React applications built w...

CVSS 5.4, AI score 5.3, EPSS 0.00694
Exploits: 1, References: 5, Affected Software: 2
Vulnrichment, added 2023/02/13 8:49 p.m.

CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

CVSS 5.4, AI score 5.3, EPSS 0.00694
Exploits: 1, References: 5
OSV, added 2023/02/13 8:49 p.m.

CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

CVSS 5.4, AI score 5.3, EPSS 0.00694
Exploits: 1, References: 7
Cvelist, added 2023/02/13 8:49 p.m.

CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

CVSS 5.4, AI score 5.3, EPSS 0.00694
Exploits: 1, References: 5
CNNVD, added 2023/02/13 12:00 a.m.

react-admin Cross-Site Scripting Vulnerability

react-admin is a front-end framework for building data-driven applications that run in the browser on top of a REST/GraphQL API, using ES6, React, and Material Design. A security vulnerability exists in react-admin versions 3.x prior to 3.19.12 and 4.x prior to 4.7.6, which stems from the presenc...

CVSS 5.4, AI score 6.1, EPSS 0.00694
Exploits: 1, References: 6