8 matches found
EUVD-2019-0627
Malware in sbrugna...
CVE-2019-15482
selectize-plugin-a11y before 1.1.0 has XSS via the msg field...
Cross-Site Scripting
Overview: Versions of selectize-plugin-a11y prior to 1.1.0 are vulnerable to Cross-Site Scripting. The accessibility.liveRegion.speak function does not sanitize the msg variable before rendering it as HTML. If this variable is controlled by user input it allows attackers to execute arbitrary...
Cross-Site Scripting in selectize-plugin-a11y
Versions of selectize-plugin-a11y prior to 1.1.0 are vulnerable to Cross-Site Scripting. The accessibility.liveRegion.speak function does not sanitize the msg variable before rendering it as HTML. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in ...
GHSA-8CPW-73F2-W58M Cross-Site Scripting in selectize-plugin-a11y
Versions of selectize-plugin-a11y prior to 1.1.0 are vulnerable to Cross-Site Scripting. The accessibility.liveRegion.speak function does not sanitize the msg variable before rendering it as HTML. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in ...
Cross-site Scripting (XSS)
selectize-plugin-a11y is vulnerable to cross-site scripting (XSS). The vulnerability exists due to improper handling of the msg field, which allows a malicious user to inject and execute arbitrary JavaScript through it...
CVE-2019-15482
selectize-plugin-a11y before 1.1.0 has XSS via the msg field...
CVE-2019-15482
The CVE-2019-15482 entry concerns the package selectize-plugin-a11y prior to version 1.1.0, where a Cross-Site Scripting (XSS) vulnerability exists in the msg field. The root cause, as described in the Node.js advisory, is that the accessibility.liveRegion.speak function does not sanitize the msg...