• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2021-23673

February 23, 2023 by

This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.

CVE-2021-23414

February 23, 2023 by

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.

CVE-2021-23416

February 23, 2023 by

This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.

CVE-2021-23439

February 23, 2023 by

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file).

CVE-2021-23445

February 23, 2023 by

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

CVE-2021-23398

February 23, 2023 by

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1635
  • Go to page 1636
  • Go to page 1637
  • Go to page 1638
  • Go to page 1639
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE