CVE-2022-48345

Published: 24/02/2023 Updated: 02/03/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

sanitize-url (aka @braintree/sanitize-url) prior to 6.0.2 allows XSS via HTML entities.

Vulnerable Product

paypal braintree/sanitize-url

Vendor Advisories

Debian Bug report logs - #1032313
node-mermaid: CVE-2022-48345
Package: src:node-mermaid; Maintainer for src:node-mermaid is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 3 Mar 2023 15:54:01 UTC
Severity: important
Tags: ...

Description: A flaw was found in sanitize-url. It does not correctly sanitize with colons, possibly leading to a Cross-site scripting risk. ...