NA

CVE-2023-41049

Published: 01/09/2023 Updated: 06/09/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

decentraland single sign on client