CVE-2022-4414 – Cross-site Scripting (XSS) - DOM in nuxt/framework
https://notcve.org/view.php?id=CVE-2022-4414
Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Cross-site Scripting (XSS): DOM en el repositorio de GitHub nuxt/framework anterior a v3.0.0-rc.13. • https://github.com/nuxt/framework/commit/19a2cd14929ca9b55720cb81f71687830a9e59a4 https://huntr.dev/bounties/131a41e5-c936-4c3f-84fc-e0e1f0e090b5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-37430
https://notcve.org/view.php?id=CVE-2022-37430
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). El framework Silverstripe hasta la versión 4.11 permite la vulnerabilidad XSS a través del atributo href de un enlace (problema 2 de 2). • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-37430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-37429
https://notcve.org/view.php?id=CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. El framework Silverstripe hasta la versión 4.11 permite XSS (problema 1 de 2) a través del payload de JavaScript al atributo href de un enlace al dividir una URL de JavaScript con caracteres de espacio en blanco. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-37429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38724
https://notcve.org/view.php?id=CVE-2022-38724
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. Silverstripe silverstripe/framework hasta 4.11.0, silverstripe/assets hasta 1.11.0 y silverstripe/asset-admin hasta 1.11.0 permiten XSS. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38724 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38462
https://notcve.org/view.php?id=CVE-2022-38462
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. Silverstripe silverstripe/framework hasta 4.11 es vulnerable a XSS al manipular cuidadosamente una URL de retorno en una solicitud /dev/build o /Security/login. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •