CVE-2020-7741

This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).
Configurations

Configuration 1

cpe:2.3:a:hello.js_project:hello.js:*:*:*:*:*:node.js:*:*

Information

Published : 2020-10-06 03:15

Updated : 2020-10-19 07:44


NVD link : CVE-2020-7741

Mitre link : CVE-2020-7741

Products Affected
No products.
CWE