419 matches found
CVE-2022-25875
CVE-2022-25875 affects the Svelte framework prior to 3.49.0, with an XSS vulnerability caused by improper input sanitization and improper escaping of attributes when SSR processes objects, exploitable via objects with a custom toString() function. Impact is Cross‑Site Scripting in applications us...
CVE-2022-25875 Cross-site Scripting (XSS)
The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...
CVE-2022-25875
The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...
Cross-site Scripting (XSS)
Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is...
CVE-2021-4231
A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) in development, with Server-side rendering (SSR) enabled...
Ssr Pages path traversal vulnerability
Ssr Pages is an HTML page builder for SSR (server-side rendering). A path traversal vulnerability exists in Ssr Pages, which stems from a path traversal issue that can occur when untrusted input is provided to the svg attribute as an argument to the buildMessagePageOptions function, which can be...
Ssr Pages Cross-Site Scripting Vulnerability
Ssr Pages is an HTML page builder for SSR (server-side rendering). Ssr Pages suffers from a cross-site scripting vulnerability that can be exploited by an attacker to provide untrusted input to a redirect, resulting in cross-site scripting...
CVE-2022-24718
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...
Path traversal
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...
CVE-2022-24718
CVE-2022-24718 affects the ssr-pages HTML page builder. A path traversal vulnerability exists when untrusted input is provided to the svg property as an argument to build(MessagePageOptions). The issue is present in versions prior to 0.1.4. A patch is available in version 0.1.4 (upgrade to 0.1.4 ...
CVE-2022-24718 Path Traversal in ssr-pages
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...
CVE-2022-24717 Cross Site Scripting (XSS) in ssr-pages
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross-site scripting (XSS) issue can occur when providing untrusted input to the redirect.link property as an argument to the buildMessagePageOptions function. While there is no known...
SSR-pages Cross-Site Scripting Vulnerability
Ssr Pages is an HTML page builder for SSR (server-side rendering). Ssr Pages suffers from a cross-site scripting vulnerability that can be exploited by an attacker to provide untrusted input to a redirect, resulting in cross-site scripting...
XSS in client rendered block templates in rendr
Affected versions of rendr are vulnerable to cross-site scripting when client-side rendering is done inside a block. Server-side rendering is not affected and is properly escaped. Recommendation: Update to version 1.1.4 or later...
Denial Of Service (DoS) Via Infinite Loop
graphql-hooks is vulnerable to denial of service (DoS) attacks. Since skipCache is set to true by default in the function useQuery during server-side rendering, an attacker can send query requests to trigger an infinite loop, as it runs indefinitely without raising any error or returning any result...
GHSA-MVJJ-GQQ2-P4HW Cross-Site Scripting in react-dom
Affected versions of react-dom are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by...
The most common XSS exploits in React applications and their defenses - vulnerability warning - the black bar safety net
The author has long been a firm user of the React technology stack, and therefore pays attention to topics related to React application security. The author in my own React+Redux+Webpack2 scaffolding the third level also uses a lot of server-side rendering/isomorphism straight out of the technology...