CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41677 – Cross-site Scripting (XSS) vulnerability due to improper HTML escaping in qwik
https://notcve.org/view.php?id=CVE-2024-41677
06 Aug 2024 — Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` file. It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. • https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.ts#L1182-L1208 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2307 – Cross-Site Request Forgery (CSRF) in builderio/qwik
https://notcve.org/view.php?id=CVE-2023-2307
26 Apr 2023 — Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. • https://github.com/BuilderIO/qwik/pull/3862/commits/09190b70027354baf7ad3d208df9c05a87f75f57 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1283 – Code Injection in builderio/qwik
https://notcve.org/view.php?id=CVE-2023-1283
08 Mar 2023 — Code Injection in GitHub repository builderio/qwik prior to 0.21.0. • https://github.com/BuilderIO/qwik/pull/3249/commits/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0410 – Cross-site Scripting (XSS) - Generic in builderio/qwik
https://notcve.org/view.php?id=CVE-2023-0410
20 Jan 2023 — Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5. Cross-site scripting (XSS) genérico en el repositorio de GitHub builderio/qwik anterior a 0.1.0-beta5. • https://github.com/builderio/qwik/commit/4b2f89dbbd2bc0a2c92eae1a49bdd186e589151a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •