CVE-2022-1243
- EPSS 0.34%
- Published 05.04.2022 15:15:08
- Last modified 21.11.2024 06:40:19
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.
CVE-2022-1233
- EPSS 0.25%
- Published 04.04.2022 20:15:10
- Last modified 21.11.2024 06:40:18
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.
CVE-2022-0868
- EPSS 0.33%
- Published 06.03.2022 16:15:07
- Last modified 21.11.2024 06:39:33
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.
CVE-2022-24723
- EPSS 0.15%
- Published 03.03.2022 21:15:07
- Last modified 21.11.2024 06:50:57
URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace ...
CVE-2022-0613
- EPSS 0.02%
- Published 16.02.2022 09:15:07
- Last modified 21.11.2024 06:39:01
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
CVE-2021-3647
- EPSS 0.18%
- Published 16.07.2021 11:15:11
- Last modified 21.11.2024 06:22:04
URI.js is vulnerable to URL Redirection to Untrusted Site
CVE-2021-27516
- EPSS 0.55%
- Published 22.02.2021 00:15:12
- Last modified 21.11.2024 05:58:08
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2020-26291
- EPSS 0.58%
- Published 31.12.2020 00:15:12
- Last modified 21.11.2024 05:19:46
URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the d...