CVE-2020-7749 – This affects all versions of package osm-static-maps. User input given to the package is p …

20 October 2020

Vuln ID: CVE-2020-7749

Published: 2020-10-20 11:15:12Z

Description: This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ … }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read.

Source: NVD.NIST.GOV

Date:

20 October 2020

Categorie(s):

NVD

Tag(s):

NVD

Node.js in Security? Don’t Get Hacked – Secure Your Code Now! 25 April 2024
Authorities Warned that Hackers Are Exploiting Flaws in CISCO ASA VPNs25 April 2024
Hackers Exploit Cisco Firewall Zero-Days to Hack Government Networks25 April 2024
A Comprehensive Cyber Guide: Best Practices for Small Businesses25 April 2024
Applying DevSecOps principles to machine learning workloads25 April 2024