4 matches found
EUVD-2021-2327
Malware in sbrugna...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.0.M1 <=1.0.0.RC3), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (=0.1) +108 more potentially affected by CVE-2021-33611 via org.webjars.bowergithub.vaadin:vaadin-menu-bar (>=1.0.3 <=1.2.0)
org.webjars.bowergithub.vaadin:vaadin-menu-bar MAVEN version =1.0.3, =1.0.0.M1, =1.0, =14.0.0, =0.0.3, =1.0.0, =0.3.1, =1.0.0, =1.0.0, =0.5.1, =2.0.1, =2.0.1, =2.0.1, =2.0.1, =2.2.3 and more Source cves: CVE-2021-33611 Source advisory: OSV:GHSA-93C4-VF86-3RJ7...
GHSA-93C4-VF86-3RJ7 Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...
Cross-site Scripting (XSS)
vaadin-menu-bar is vulnerable to cross-site scripting. The vulnerability exists due to a lack of output sanitization in test sources, which allows an attacker to execute malicious JavaScript in the browser by opening a crafted URL...