7 matches found
EUVD-2021-0866
Malware in sbrugna...
@scullyio/init (=1.0.0-beta.4) potentially affected by CVE-2020-28470 via @scullyio/ng-lib (=1.0.0-beta.1)
@scullyio/ng-lib NPM version =1.0.0-beta.1 is affected by a known vulnerability. The following packages have a transitive dependency on @scullyio/ng-lib and may be impacted: - @scullyio/init =1.0.0-beta.4 Source cves: CVE-2020-28470 Source advisory: OSV:GHSA-R96P-V3CR-GFV8...
GHSA-R96P-V3CR-GFV8 Cross-site Scripting (XSS) in @scullyio/scully
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...
Cross-site Scripting (XSS) in @scullyio/scully
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...
Scullyio Scully Code Execution Vulnerability
Scullyio Scully is a TypeScript-based software for building Angular applications organized by Scullyio. Scully pre-renders every page in the application as plain HTML and CSS. To do this, Scully uses guessjs to find all the routes in the project. Scully then accesses each route, renders the view an...
CVE-2020-28470
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...
CVE-2020-28470
The CVE-2020-28470 entry affects @scullyio/scully (pre-1.0.9). The issue arises because the transfer state is serialized with JSON.stringify() and written into the HTML page, enabling potential Cross-Site Scripting (XSS) when untrusted data is rendered. The primary impacted component is Scully’s ...