GHSA-jp6r-xcjj-5h7r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jp6r-xcjj-5h7r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-jp6r-xcjj-5h7r/GHSA-jp6r-xcjj-5h7r.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-jp6r-xcjj-5h7r
- Aliases
- Published
- 2019-08-27T17:36:32Z
- Modified
- 2023-11-01T04:50:31.692760Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-Site Scripting in cyberchef
- Details
-
Versions of
cyberchefprior to 8.31.3 are vulnerable to Cross-Site Scripting. InText Encoding Brute Forcethe table rows are created by concatenating thevaluevariable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in a victim's browser.Recommendation
Upgrade to version 8.31.3 or later.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2019-08-27T15:50:14Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-15532
- https://github.com/gchq/CyberChef/issues/539
- https://github.com/gchq/CyberChef/issues/544
- https://github.com/gchq/CyberChef/commit/01f0625d6a177f9c5df9281f12a27c814c2d8bcf
- https://github.com/gchq/CyberChef/compare/v8.31.1...v8.31.2
- https://snyk.io/vuln/SNYK-JS-CYBERCHEF-460296
- https://www.npmjs.com/advisories/1149
Affected packages
npm / cyberchef
Package
- Name
- cyberchef
- View open source insights on deps.dev
- Purl
- pkg:npm/cyberchef