
4914 matches found

CNNVD
added 2022/05/18 12:0 a.m., 4 views

Hydrogen cross-site scripting vulnerability

Hydrogen is a React-based framework for Shopify individual developers. It is used to build dynamic, custom storefronts powered by Shopify. A cross-site scripting vulnerability exists in Hydrogen versions 0.10.0 through 0.18.0, which can be exploited by an attacker to execute script on pages built...

6.3 CVSS, 5.8 AI score, 0.00727 EPSS
Exploits 0, References 4

CNVD
added 2022/04/15 12:0 a.m., 27 views

PayloadCMS arbitrary file upload vulnerability

PayloadCMS is a Headless CMS and application framework built using TypeScript, Node.js, React and MongoDB. PayloadCMS is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via crafted SVG files...

9.8 CVSS, 4.2 AI score, 0.02102 EPSS
Exploits 1, References 1

CNVD
added 2022/04/13 12:0 a.m., 18 views

JHipster SQL Injection Vulnerability

JHipster is an open source application builder that develops web applications and microservices primarily using Angular or React and Spring Framework. JHipster suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, whic...

8.1 CVSS, 4.8 AI score, 0.01317 EPSS
Exploits 1, References 1

vulnersOsv
added 2022/03/18 11:10 p.m., 2 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 00ld8nuivn (=2.1.0) +40777 more potentially affected by CVE-2022-24772 via node-forge (>=0.10.0 <=1.2.1)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

7.5 CVSS, 6.7 AI score, 0.01015 EPSS
Exploits 0

NVD
added 2022/03/14 11:15 p.m., 46 views

CVE-2022-24740

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

7.5 CVSS, 0.00566 EPSS
Exploits 0, References 2

OSV
added 2022/03/14 10:15 p.m., 29 views

GHSA-CFHH-XGWQ-5R67 Sudden swap of user auth tokens in Volto

Impact: Due to the usage of an outdated version of the react-cookie library, under the circumstances of given a server high load, it is possible that a user could get his/her auth cookie replaced with the auth cookie from another user, effectively giving him full access to the other user's account...

5 CVSS, 6.2 AI score, 0.00566 EPSS
Exploits 0, References 4

Github Security Blog
added 2022/03/14 10:15 p.m., 38 views

Sudden swap of user auth tokens in Volto

Impact: Due to the usage of an outdated version of the react-cookie library, under the circumstances of given a server high load, it is possible that a user could get his/her auth cookie replaced with the auth cookie from another user, effectively giving him full access to the other user's account...

7.5 CVSS, 0.3 AI score, 0.00566 EPSS
Exploits 0, References 4, Affected Software 1

Veracode
added 2022/03/14 6:3 a.m., 41 views

Spoofing Attack

swagger-ui-react is vulnerable to spoofing attack. The vulnerability allows remote attackers to acquire remote OpenAPI definitions by persuading the victim to open a specifically crafted URL...

4.3 CVSS, 5.3 AI score, 0.42326 EPSS
Exploits 4, References 5, Affected Software 1

CNNVD
added 2022/03/14 12:0 a.m., 4 views

Volto authorization issue vulnerability

Volto is a ReactJS-based front-end for the Plone content management system. Volto is vulnerable to an authentication vulnerability that could be exploited by attackers to replace its authentication cookies with authentication cookies from other users, effectively giving them control over other...

7.5 CVSS, 5.6 AI score, 0.00566 EPSS
Exploits 0, References 4

OSV
added 2022/02/25 3:36 p.m., 29 views

GHSA-MF22-92PM-M8P8 Cross site scripting in @awsui/components-react

Impact: Components could potentially allow cross-site scripting (XSS) in certain circumstances. These components could render content without adequate neutralization. Patches: Fixed in 3.0.367...

8.8 CVSS, 6.7 AI score, 0.00665 EPSS
Exploits 0, References 4

NVD
added 2022/02/24 8:15 p.m., 27 views

CVE-2022-24709

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

8.8 CVSS, 0.00665 EPSS
Exploits 0, References 2

Prion
added 2022/02/24 8:15 p.m., 11 views

Design/Logic Flaw

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

4.3 CVSS, 6.6 AI score, 0.00665 EPSS
Exploits 0, References 2, Affected Software 1

OSV
added 2022/02/24 7:55 p.m., 4 views

CVE-2022-24709 Cross site scripting in @awsui/components-react

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

8.8 CVSS, 7 AI score, 0.00665 EPSS
Exploits 0, References 4

Cvelist
added 2022/02/24 7:55 p.m., 31 views

CVE-2022-24709 Cross site scripting in @awsui/components-react

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

8.8 CVSS, 9.3 AI score, 0.00665 EPSS
Exploits 0, References 2

Vulnrichment
added 2022/02/24 7:55 p.m., 6 views

CVE-2022-24709 Cross site scripting in @awsui/components-react

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

8.8 CVSS, 7.7 AI score, 0.00665 EPSS
Exploits 0, References 2

CVE
added 2022/02/24 7:55 p.m., 71 views

CVE-2022-24709

The CVE-2022-24709 entry concerns @awsui/components-react (the AWS UI React component library). Affected versions before 3.0.367 fail to properly neutralize user input, which may permit JavaScript injection (XSS) when rendering content. The issue has been characterized across multiple sources as ...

8.8 CVSS, 7 AI score, 0.00665 EPSS
Exploits 0, References 2, Affected Software 1

CNNVD
added 2022/02/24 12:0 a.m., 4 views

components-react cross-site scripting vulnerability

components-react is a set of React components that help create intuitive, responsive and accessible user experiences for web applications. A cross-site scripting vulnerability exists in versions prior to @awsui/components-react 3.0.367 that could allow javascript injection...

8.8 CVSS, 6.8 AI score, 0.00665 EPSS
Exploits 0, References 4

CVE
added 2022/02/17 8:35 p.m., 202 views

CVE-2022-23646

CVE-2022-23646 affects Next.js (React framework) versions 10.0.0 through 12.0.x prior to 12.1.0. The issue is UI misrepresentation of critical information when next.config.js defines an images.domains array and the image host in domains allows user-provided SVG; if next.config.js uses a non-defau...

7.5 CVSS, 6.4 AI score, 0.01767 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2022/02/17 8:35 p.m., 29 views

CVE-2022-23646 Improper CSP in Image Optimization API for Next.js

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in...

5.9 CVSS, 7.5 AI score, 0.01767 EPSS
Exploits 0, References 5

vulnersOsv
added 2022/02/17 12:0 a.m., 3 views

01_basic_webpack (>=1.0.0 <=1.0.8), 0726react (=0.1.1) +12885 more potentially affected by CVE-2022-0613 via urijs (>=1.16.1 <=1.19.7)

urijs NPM version =1.16.1, =1.0.0, =1.0.9, =0.0.1, =0.0.1-beta.0, =1.0.0, =1.0.4, =1.0.1, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2022-0613 Source advisory: OSV:GHSA-GCV8-GH4R-25X6...

6.5 CVSS, 6.2 AI score, 0.0158 EPSS
Exploits 1