
419 matches found

CVE
added 2022/07/12 2:20 p.m. | 87 views

CVE-2022-25875

CVE-2022-25875 affects the Svelte framework prior to 3.49.0, with an XSS vulnerability caused by improper input sanitization and improper escaping of attributes when SSR processes objects, exploitable via objects with a custom toString() function. Impact is Cross‑Site Scripting in applications us...

CVSS 6.1 | AI score 5.7 | EPSS 0.01042
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2022/07/12 2:20 p.m. | 23 views

CVE-2022-25875 Cross-site Scripting (XSS)

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...

CVSS 5.4 | AI score 6.2 | EPSS 0.01042
Exploits: 1 | References: 3
ATTACKERKB
added 2022/07/12 2:15 p.m. | 2 views

CVE-2022-25875

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...

CVSS 6.1 | AI score 6.4 | EPSS 0.01042
Exploits: 1 | References: 4
Snyk
added 2022/06/17 1:10 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is...

CVSS 6.1 | AI score 5.3 | EPSS 0.01042
Exploits: 1 | References: 2
RedhatCVE
added 2022/06/07 2:28 a.m. | 40 views

CVE-2021-4231

A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) in development, with Server-side rendering (SSR) enabled...

CVSS 5.4 | AI score 2.9 | EPSS 0.01053
Exploits: 0 | References: 3
CNVD
added 2022/03/03 12:0 a.m. | 21 views

Ssr Pages path traversal vulnerability

Ssr Pages is an HTML page builder for SSR (server-side rendering). A path traversal vulnerability exists in Ssr Pages, which stems from a path traversal issue that can occur when untrusted input is provided to the svg attribute as an argument to the buildMessagePageOptions function, which can be...

CVSS 7.6 | AI score 2.1 | EPSS 0.01113
Exploits: 0 | References: 1
CNVD
added 2022/03/03 12:0 a.m. | 14 views

Ssr Pages Cross-Site Scripting Vulnerability

Ssr Pages is an HTML page builder for SSR (server-side rendering). Ssr Pages suffers from a cross-site scripting vulnerability that can be exploited by an attacker to provide untrusted input to a redirect, resulting in cross-site scripting...

CVSS 6.1 | AI score 5.9 | EPSS 0.00852
Exploits: 0 | References: 1
NVD
added 2022/03/01 7:15 p.m. | 21 views

CVE-2022-24718

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...

CVSS 7.6 | EPSS 0.01113
Exploits: 0 | References: 3
Prion
added 2022/03/01 7:15 p.m. | 18 views

Path traversal

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...

CVSS 4 | AI score 6.4 | EPSS 0.01113
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2022/03/01 6:45 p.m. | 80 views

CVE-2022-24718

CVE-2022-24718 affects the ssr-pages HTML page builder. A path traversal vulnerability exists when untrusted input is provided to the svg property as an argument to build(MessagePageOptions). The issue is present in versions prior to 0.1.4. A patch is available in version 0.1.4 (upgrade to 0.1.4 ...

CVSS 7.6 | AI score 6.5 | EPSS 0.01113
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2022/03/01 6:45 p.m. | 30 views

CVE-2022-24718 Path Traversal in ssr-pages

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...

CVSS 7.6 | AI score 7.6 | EPSS 0.01113
Exploits: 0 | References: 3
Vulnrichment
added 2022/03/01 6:45 p.m. | 9 views

CVE-2022-24718 Path Traversal in ssr-pages

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...

CVSS 7.6 | AI score 7.4 | EPSS 0.01113
Exploits: 0 | References: 3
Vulnrichment
added 2022/03/01 6:40 p.m. | 7 views

CVE-2022-24717 Cross Site Scripting (XSS) in ssr-pages

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the redirect.link property as an argument to the buildMessagePageOptions function. While there is no known...

CVSS 6.1 | AI score 6.1 | EPSS 0.00852
Exploits: 0 | References: 4
Cvelist
added 2022/03/01 6:40 p.m. | 20 views

CVE-2022-24717 Cross Site Scripting (XSS) in ssr-pages

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the redirect.link property as an argument to the buildMessagePageOptions function. While there is no known...

CVSS 6.1 | AI score 6.2 | EPSS 0.00852
Exploits: 0 | References: 4
CNNVD
added 2022/03/01 12:0 a.m. | 4 views

SSR-pages Cross-Site Scripting Vulnerability

Ssr Pages is an HTML page builder for SSR (server-side rendering). Ssr Pages suffers from a cross-site scripting vulnerability that can be exploited by an attacker to provide untrusted input to a redirect, resulting in cross-site scripting...

CVSS 6.1 | AI score 5.4 | EPSS 0.00852
Exploits: 0 | References: 5
GitHub Security Blog
added 2020/09/01 3:33 p.m. | 25 views

XSS in client rendered block templates in rendr

Affected versions of rendr are vulnerable to cross-site scripting when client side rendering is done inside a block. Server side rendering is not affected and is properly escaped. Recommendation: Update to version 1.1.4 or later...

AI score 3.4 | EPSS 0.00713
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
added 2019/12/02 11:51 a.m. | 9 views

Denial Of Service (DoS) Via Infinite Loop

graphql-hooks is vulnerable to denial of service (DoS) attacks. Since skipCache is set to true by default in the function useQuery during server side rendering, an attacker can send query requests to trigger an infinite loop, as it runs indefinitely without raising any error or returning any result...

AI score 3
Exploits: 0
OSV
added 2019/01/04 7:5 p.m. | 3 views

GHSA-MVJJ-GQQ2-P4HW Cross-Site Scripting in react-dom

Affected versions of react-dom are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by...

CVSS 6.1 | AI score 7.4 | EPSS 0.03426
Exploits: 0 | References: 6
myhack58
added 2016/12/01 12:0 a.m. | 40 views

The React application in the most common XSS exploits and Defense-vulnerability warning-the black bar safety net

The author has been firmly React technology stack of the user, and therefore will pay attention to the React application security related topics. The author in my own React+Redux+Webpack2 scaffolding the third level also uses a lot of server-side rendering/isomorphism straight out of the technology...

AI score 7
Exploits: 0