22 matches found
EUVD-2018-0768
Malware in sbrugna...
EUVD-2018-0771
Malware in sbrugna...
GHSA-Q69P-5H74-W36F Content Injection via TileJSON Name in mapbox.js
Versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.shareControl are used in a manner that gives users control of the TileJSON content, it is possible to inject script...
Content Injection via TileJSON Name in mapbox.js
Versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.shareControl are used in a manner that gives users control of the TileJSON content, it is possible to inject script...
GHSA-QR28-7J6P-9HMV Content Injection via TileJSON attribute in mapbox.js
Versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.tileLayer are used to load untrusted TileJSON content from a non-Mapbox URL, it is possible for a malicious user with...
Content Injection via TileJSON attribute in mapbox.js
Versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.tileLayer are used to load untrusted TileJSON content from a non-Mapbox URL, it is possible for a malicious user with...
Mapbox.js Cross-Site Scripting Vulnerability
Mapbox.js is a U.S. Mapbox company's open source for rapid development of interactive map library . A cross-site scripting vulnerability exists in Mapbox.js version 1.x before 1.6.5 and version 2.x before 2.1.7. A remote attacker can exploit this vulnerability to inject script into the 'attribute...
Mapbox.js cross-site scripting vulnerability (CNVD-2017-27716)
Mapbox.js is a U.S. Mapbox company's open source for rapid development of interactive map library . A cross-site scripting vulnerability exists in Mapbox.js version 1.x before 1.6.6 and version 2.x before 2.2.4. A remote attacker can exploit this vulnerability to inject scripted content into the...
CVE-2017-1000043
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control...
CVE-2017-1000043
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control...
CVE-2017-1000042
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name...
CVE-2017-1000042
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name...
Cross site scripting
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control...
Cross site scripting
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name...
CVE-2017-1000042
Mapbox.js is affected by a cross-site scripting (XSS) vulnerability in TileJSON handling. Versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable when untrusted TileJSON content is loaded via L.mapbox.map or L.mapbox.tileLayer from non-Mapbox URLs, allowing script injection in the TileJ...
CVE-2017-1000042
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name...
CVE-2017-1000043
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control...
CVE-2017-1000043
The CVE refers to a cross-site scripting vulnerability in Mapbox.js. Affected versions are 1.x before 1.6.6 and 2.x before 2.2.4, where using L.mapbox.map or L.mapbox.shareControl with TileJSON content under user control can allow injection of script content into the TileJSON name field. After th...
mapbox-rails Content Injection via TileJSON Name
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If you use L.mapbox.map and L.mapbox.shareControl it is possible for a malicious user with control over the TileJSON content to inject script content...
Content Injection via TileJSON Name
Overview Versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.shareControl are used in a manner that gives users control of the TileJSON content, it is possible to inject...