GHSA-7jh9-6cpf-h4m7

Опубликовано: 13 янв. 2021

Источник: github

Github: Прошло ревью

CVSS3: 9.9

Описание

XSS in hello.js

This affects the package hello.js before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).

Ссылки

Пакеты

Наименование

hellojs

npm

Затронутые версииВерсия исправления

< 1.18.6

1.18.6

EPSS

Процентиль: 66%

0.00517

Низкий

9.9 Critical

CVSS3

CVE ID

CVE-2020-7741

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-7741

CVSS3: 9.9

nvd

больше 5 лет назад

This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).

EPSS

Процентиль: 66%

0.00517

Низкий

9.9 Critical

CVSS3

CVE ID

CVE-2020-7741

Дефекты

CWE-79