
CVE-2023-3672: XSS mitigation · PlaidWeb/webmention.js@3551b66

Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.


@@ -188,10 +188,12 @@ A more detailed example:

* @returns {string}

*/

function entities(text) {

return text.replace(/&/g, “&”)

.replace(/</g, “<”)

.replace(/>/g, “>”)

.replace(/"/g, “"”);

return text.replace(/[&<>"]/g, (tag) => ({

'&’: '&’,

'<’: '<’,

'>’: '>’,

'"’: '"’,

}[tag] || tag));

}

/**
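
Review bot: the character class in `text.replace(/[&<>"]/g, ...)` and its lookup table cover `&`, `<`, `>` and `"` but not the single quote, so the output of `entities()` is only safe in element content and double-quoted attribute values. If any template in this file places an escaped value inside a single-quoted attribute, add `'` to both the class and the table (mapping it to `&#39;`). The `|| tag` fallback can never fire, because every character the regex can match is a key in the table with a non-empty value; dropping it makes that invariant explicit. `text.replace` also throws when `text` is not a string, so either coerce with `String(text)` or state in the doc comment that callers must pass a string.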


@@ -327,7 +329,7 @@ A more detailed example:

let linktext = `(${t(“mention”)})`;

if (c.name) {

linkclass = "name";

linktext = c.name;

linktext = entities(c.name);

} else if (c.content && c.content.text) {

linkclass = "text";

linktext = extractComment©;
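
Review bot: only the `c.name` branch gains the `entities()` call; the `else if (c.content && c.content.text)` branch still assigns `linktext` from `extractComment` with no escaping visible in this hunk. Both branches feed the same `linktext` variable, so please confirm that `extractComment` escapes its return value, or wrap that assignment in `entities()` as well. A regression test that passes a `c.name` containing `<`, `>`, `"` and `&` and checks the rendered link text would pin this fix.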


Related news

GHSA-r54g-4qq6-chxg: webmention.js Cross-site Scripting vulnerability

webmention.js prior to 0.5.5 is vulnerable to cross-site scripting.
