Lucene search

Veracode Vulnerability DatabaseVERACODE:45248

HistoryJan 31, 2024 - 6:56 a.m.

Cross Site Scripting (XSS)

2024-01-3106:56:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

xss

server-side rendering

html pages

attacker

vulnerability

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

@apollo/experimental-nextjs-app-support is vulnerable to Cross Site Scripting (XSS). The vulnerability due to improper sanitization during server-side rendering of HTML pages, which allows an attacker to perform XSS.

CPENameOperatorVersion
@apollo/experimental-nextjs-app-supportle0.6.0
@apollo/experimental-nextjs-app-supportle0.6.0

CPE	Name	Operator	Version
	@apollo/experimental-nextjs-app-support	le	0.6.0
	@apollo/experimental-nextjs-app-support	le	0.6.0

References

github.com/advisories/GHSA-rv8p-rr2h-fgpg

github.com/apollographql/apollo-client-nextjs/commit/b92bc42abd5f8e17d4db361c36bd08e4f541a46b

github.com/apollographql/apollo-client-nextjs/security/advisories/GHSA-rv8p-rr2h-fgpg

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for VERACODE:45248