Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-h685-83w4-3ph3: iziModal Cross-site Scripting vulnerability

iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting (XSS) when handling untrusted modal titles. An attacker who is able to influence the field title when creating a iziModal instance is able to supply arbitrary html or javascript code that will be rendered in the context of a user, potentially leading to XSS. Version 1.6.1 contains a patch for this issue

ghsa
Open in Source
#xss#vulnerability#git#java

iziModal Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Feb 21, 2023 to the GitHub Advisory Database • Updated Feb 22, 2023

Related news

CVE-2021-32860: GHSL-2021-1044: Security contact needed · Issue #249 · marcelodolza/iziModal

iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting (XSS) when handling untrusted modal titles. An attacker who is able to influence the field `title` when creating a `iziModal` instance is able to supply arbitrary `html` or `javascript` code that will be rendered in the context of a user, potentially leading to `XSS`. Version 1.6.1 contains a patch for this issue

ghsa: Latest News

GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens
ghsa