• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2020-7749

February 26, 2023 by

This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ … }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read.

CVE-2020-7750

February 26, 2023 by

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.

CVE-2020-7676

February 26, 2023 by

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping “” elements in “” ones changes parsing behavior, leading to possibly unsanitizing code.

CVE-2020-7680

February 26, 2023 by

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page.

CVE-2020-7690

February 26, 2023 by

All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.

CVE-2020-7691

February 26, 2023 by

In all versions of the package jspdf, it is possible to use <script> in order to go over the filtering regex.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 604
  • Go to page 605
  • Go to page 606
  • Go to page 607
  • Go to page 608
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE