Lucene search
Veracode Vulnerability DatabaseVERACODE:39468HistoryMar 01, 2023 - 2:54 a.m.
Cross-site Scripting (XSS)
2023-03-0102:54:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
cross-site scripting
@braintree/sanitize-url
vulnerability
html encoded colons
url injection
javascript execution
0.001 Low
EPSS
Percentile
30.0%
@braintree/sanitize-url is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the decodeHtmlCharacters function in index.ts does not properly sanitize html encoded colons in the urlSchemeRegex parameter, which allows an attacker to inject and execute malicious JavaScript by providing a malicious URL.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @braintree/sanitize-url | le | 6.0.0 | |
| @braintree/sanitize-url | le | 6.0.0 | |
| @braintree/sanitize-url | le | 6.0.0 | |
| @braintree/sanitize-url | le | 6.0.0 |
Related
cve
cve
CVE-2022-48345
2023-02-24 06:15:11
nessus
nessus
RHEL 9 : sanitize-url (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : sanitize-url (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 9 : grafana (Unpatched Vulnerability)
2024-06-03 00:00:00
osv
osv
CVE-2022-48345
2023-02-24 06:15:11
@braintree/sanitize-url Cross-site Scripting vulnerability
2023-02-24 06:30:16
cvelist
cvelist
CVE-2022-48345
2023-02-24 00:00:00
github
github
@braintree/sanitize-url Cross-site Scripting vulnerability
2023-02-24 06:30:16
debiancve
debiancve
CVE-2022-48345
2023-02-24 06:15:11
ubuntucve
ubuntucve
CVE-2022-48345
2023-02-24 00:00:00
redhatcve
redhatcve
CVE-2022-48345
2023-03-01 05:29:45
prion
prion
Design/Logic Flaw
2023-02-24 06:15:00
ibm
ibm
nvd
nvd
CVE-2022-48345
2023-02-24 06:15:11