Количество 2
Количество 2
CVE-2023-41049
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function.
GHSA-vp4f-wxgw-7x8x
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-41049 @dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| GHSA-vp4f-wxgw-7x8x Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу