14 matches found
CVE-2019-12313
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element...
EUVD-2019-0465
Malware in sbrugna...
GHSA-GH4G-3GM9-5WRQ Cross-Site Scripting in shave
Versions of shave prior to 2.5.3 are vulnerable to Cross-Site Scripting. The shave package overwrites HTML elements and in doing so fails to properly encode the output. If encoded HTML input is passed into shave the output will be decoded which may lead to Cross-Site Scripting. Recommendation...
@britannica/compendium (>=1.0.0 <=6.0.0-beta.3), @catapult-tech/cp-design-system-row (=1.0.0) +26 more potentially affected by CVE-2019-12313 via shave (>=0.1.8 <=2.5.10)
shave NPM version =0.1.8, =1.0.0, =2.0.0, =0.4.0, =1.0.1, =1.2.10, =0.4.36, =0.2.20, =0.8.167, =0.4.54, =1.1.13, =0.35.2, =0.3.0, =1.24.2, =4.1.0, =16.1.2 and more Source cves: CVE-2019-12313 Source advisory: OSV:GHSA-GH4G-3GM9-5WRQ...
Cross-Site Scripting in shave
Versions of shave prior to 2.5.3 are vulnerable to Cross-Site Scripting. The shave package overwrites HTML elements and in doing so fails to properly encode the output. If encoded HTML input is passed into shave the output will be decoded which may lead to Cross-Site Scripting. Recommendation...
Cross-site Scripting (XSS)
shave is vulnerable to Cross-Site Scripting. The element is not properly sanitized, allowing a remote attacker to pass a malicious input to execute arbitrary JavaScript code on the victim's browser...
CVE-2019-12313
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element...
Cross site scripting
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element...
CVE-2019-12313
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element...
CVE-2019-12313
CVE-2019-12313 affects the Shave JavaScript plugin. Multiple sources confirm a Cross-Site Scripting vulnerability in versions before 2.5.3 caused by mishandled output encoding during the overwrite of an HTML element. The in-scope impact is XSS on client browsers when provided encoded HTML input i...
CVE-2019-12313
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element...
Shave Cross-Site Scripting Vulnerability
Shave is a JavaScript plugin that truncates multi-line text to fit within a set max-height in pixels. A cross-site scripting vulnerability exists in versions prior to Shave 2.5.3, which can be exploited by attackers to execute client-side code...
Cross-Site Scripting
Overview: Versions of shave prior to 2.5.3 are vulnerable to Cross-Site Scripting. The shave package overwrites HTML elements and in doing so fails to properly encode the output. If encoded HTML input is passed into shave the output will be decoded which may lead to Cross-Site Scripting...
A week in security (May 28 – June 3)
Last week on Labs, we talked about the significance of SEO poisoning in the world of search marketing, blackmail attempts against financial institutions in Canada, voice command flaws in smart assistants, survey and potential phishing scams on Instagram, and the latest changes in Office 365. We...