7.2

CVE-2022-1243

Exploit

CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js

CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Uri.Js ProjectUri.Js Version < 1.19.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.66% 0.468
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
security@huntr.dev 7.2 3.9 2.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae
Patch
Third Party Advisory
https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7
Patch
Third Party Advisory
Exploit
Issue Tracking