Количество 2
Количество 2
CVE-2020-13973
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.
GHSA-g8jj-899q-8x3j
Cross-site scripting in json-sanitizer
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-13973 OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript. | CVSS3: 6.1 | 0% Низкий | больше 5 лет назад |
| GHSA-g8jj-899q-8x3j Cross-site scripting in json-sanitizer | CVSS3: 6.1 | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу