PT-2023-26569 · Npm · Import-In-The-Middle
Name of the Vulnerable Software and Affected Versions: import-in-the-middle versions prior to 1.4.2
Description: The import-in-the-middle loader works by generating a wrapper module on the fly, using the module specifier to load the original module and add some wrapping code. This allows for remo...
Reflected XSS from the callback handler's error query parameter
Overview: Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message.
Am I affected? You are affected by this vulnerability ...