• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2020-7773

February 26, 2023 by

This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require(“markdown-it-highlightjs”); const md = require(‘markdown-it’); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render(‘console.log(42){.”>js}’); console.log(reuslt_xss);

CVE-2020-7776

February 26, 2023 by

This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is returned as HTML. A fix for this issue is available on commit 0ed5b800be2136bcb8fa9c1bdf59abc957a98845/master branch.

CVE-2020-7809

February 26, 2023 by

ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Album(sab) file.

CVE-2020-7734

February 26, 2023 by

All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.

CVE-2020-7741

February 26, 2023 by

This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).

CVE-2020-7747

February 26, 2023 by

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 603
  • Go to page 604
  • Go to page 605
  • Go to page 606
  • Go to page 607
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE