CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

Linux Distros Unpatched Vulnerability : CVE-2026-3884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for ea...

EUVD-2026-11105

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

DEBIAN-CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

UBUNTU-CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

CVE-2026-3884

CVE-2026-3884 affects spin.js versions before 3.0.0. The issue combines prototype pollution via crafted URL targeting Object.prototype, enabling Cross-site Scripting (XSS) through the spin() function (multiple alerts per target). The description does not specify a concrete remediation patch/versi...

EUVD-2026-11106

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

PT-2026-24582

Name of the Vulnerable Software and Affected Versions spin.js versions prior to 3.0.0 Description The software is susceptible to Cross-site Scripting XSS through the spin function. This allows an attacker to create multiple alerts for each 'target' element. Exploitation requires prototype...

spin.js 安全漏洞

spin.js is a JavaScript library developed by Felix Gnass. Versions of spin.js prior to 3.0.0 contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution and cross-site scripting vulnerabilities in the spin function, which could allow attackers to execute arbitrary...

Cross-site Scripting (XSS)

Overview spin.js is an A spinning activity indicator Affected versions of this package are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on...

Cross-site Scripting (XSS)

Overview org.webjars.npm:spin.js is an A spinning activity indicator Affected versions of this package are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair ...

Tenable Nessus < 10.5.0 Multiple Vulnerabilities (TNS-2023-09)

Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...

Tenable Nessus <= 10.4.2 Multiple Vulnerabilities (TNS-2023-09)

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.4.2 or earlier. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 3.0.8, spin.js prior to version 2.3.2, and datatables.net prior to version 1.13.2: - An attack...

[R2] Nessus Version 10.5.0 Fixes Multiple Vulnerabilities

R2 Nessus Version 10.5.0 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 03/02/2023 - 12:42 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, spin.js, datatables.net were found to contain vulnerabilities, and updated...