CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1243 – CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js
https://notcve.org/view.php?id=CVE-2022-1243
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11. CRHTLF puede conllevar a una extracción de protocolo no válida conllevando potencialmente a un ataque de tipo XSS en el repositorio de GitHub medialize/uri.js versiones anteriores a 1.19.11 • https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1233 – URL Confusion When Scheme Not Supplied in medialize/uri.js
https://notcve.org/view.php?id=CVE-2022-1233
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. Una Confusión de URL cuando no es proporcionado el esquema en el repositorio de GitHub medialize/uri.js versiones anteriores a 1.19.11 • https://github.com/medialize/uri.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277 https://huntr.dev/bounties/228d5548-1109-49f8-8aee-91038e88371c • CWE-115: Misinterpretation of Input CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0868 – Open Redirect in medialize/uri.js
https://notcve.org/view.php?id=CVE-2022-0868
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. Un Redireccionamiento Abierto en el repositorio GitHub medialize/uri.js versiones anteriores a 1.19.10 • https://github.com/medialize/uri.js/commit/a8166fe02f3af6dc1b2b888dcbb807155aad9509 https://huntr.dev/bounties/5f4db013-64bd-4a6b-9dad-870c296b0b02 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24723 – Improper Input Validation in URI.js
https://notcve.org/view.php?id=CVE-2022-24723
URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround. URI.js es una biblioteca de mutación de URLs en Javascript. • https://github.com/medialize/URI.js/releases/tag/v1.19.9 https://github.com/medialize/URI.js/security/advisories/GHSA-gmv4-r438-p67f https://github.com/medialize/uri.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316 https://huntr.dev/bounties/82ef23b8-7025-49c9-b5fc-1bb9885788e5 https://access.redhat.com/security/cve/CVE-2022-24723 https://bugzilla.redhat.com/show_bug.cgi?id=2062370 • CWE-20: Improper Input Validation CWE-1173: Improper Use of Validation Framework •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-0613 – Authorization Bypass Through User-Controlled Key in medialize/uri.js
https://notcve.org/view.php?id=CVE-2022-0613
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. Una Omisión de Autorización mediante una clave controlada por el usuario en NPM urijs versiones anteriores a 1.19.8 A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch. • https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f https://huntr.dev/bounties/f53d5c42-c108-40b8-917d-9dad51535083 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXSSATHALUSXXD2KT6UFZAX7EG4GR332 https://access.redhat.com/security/cve/CVE-2022-0613 https://bugzilla.redhat.com/show_bug.cgi?id=2055496 • CWE-639: Authorization Bypass Through User-Controlled Key •