Execution of arbitrary JavaScript from Svelecte item names. Svelecte vulnerability allows injection of arbitrary HTML into dropdown, leading to XSS attacks and potential execution of untrusted JavaScript
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
OSV | Svelecte item names vulnerable to execution of arbitrary JavaScript | 14 Aug 202321:14 | – | osv |
Prion | Cross site scripting | 14 Aug 202321:15 | – | prion |
Veracode | Cross Site Scripting (XSS) | 16 Aug 202300:42 | – | veracode |
NVD | CVE-2023-38687 | 14 Aug 202321:15 | – | nvd |
Cvelist | CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names | 14 Aug 202320:21 | – | cvelist |
Github Security Blog | Svelecte item names vulnerable to execution of arbitrary JavaScript | 14 Aug 202321:14 | – | github |
CVE | CVE-2023-38687 | 14 Aug 202321:15 | – | cve |
[
{
"cpes": [
"cpe:2.3:a:mskocik:svelecte:*:*:*:*:*:node.js:*:*"
],
"vendor": "mskocik",
"product": "svelecte",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "3.16.3",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo