CVE-2022-4414 – Cross-site Scripting (XSS) - DOM in nuxt/framework
https://notcve.org/view.php?id=CVE-2022-4414
Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Cross-site Scripting (XSS): DOM en el repositorio de GitHub nuxt/framework anterior a v3.0.0-rc.13. • https://github.com/nuxt/framework/commit/19a2cd14929ca9b55720cb81f71687830a9e59a4 https://huntr.dev/bounties/131a41e5-c936-4c3f-84fc-e0e1f0e090b5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-37430
https://notcve.org/view.php?id=CVE-2022-37430
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). El framework Silverstripe hasta la versión 4.11 permite la vulnerabilidad XSS a través del atributo href de un enlace (problema 2 de 2). • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-37430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-37429
https://notcve.org/view.php?id=CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. El framework Silverstripe hasta la versión 4.11 permite XSS (problema 1 de 2) a través del payload de JavaScript al atributo href de un enlace al dividir una URL de JavaScript con caracteres de espacio en blanco. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-37429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38145
https://notcve.org/view.php?id=CVE-2022-38145
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. El framework Silverstripe hasta la versión 4.11 permite XSS (problema 1 de 3) a través de atacantes remotos que agreguen un payload de Javascript a la meta descripción de una página y la ejecute en la vista de comparación del historial de versiones. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38147
https://notcve.org/view.php?id=CVE-2022-38147
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). El framework Silverstripe hasta 4.11 permite XSS (problema 3 de 3). • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •