Описание
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Ссылки
- Issue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
6.1 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
There is a vulnerability in knockout before version 3.5.0-beta, where ...
Уязвимость библиотеки Knockout.js, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю осуществить межсайтовую сценарную атаку
EPSS
6.1 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2