Lucene search

K

Phantomjs Security Vulnerabilities

cve
cve

CVE-2020-7739

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF...

8.2CVSS

8AI Score

0.002EPSS

2020-10-06 03:15 PM
25
cve
cve

CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted...

7.5CVSS

7.2AI Score

0.004EPSS

2019-11-05 02:15 PM
52
cve
cve

CVE-2016-10661

phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is...

8.1CVSS

8.2AI Score

0.002EPSS

2018-06-04 04:29 PM
32