Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2017-0268
Good to know:
Date: May 25, 2017
Both Firefox and Safari are vulnerable to XSS if we use an inert document created via `document.implementation.createHTMLDocument()`.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix
Upgrade Version
Upgrade to version coresys/corelibrary - no_fix;angular - v1.5.10-build.5161+sha.d7cc863;angular - v1.4.7-build.4242+sha.4dd10fd;angular - v1.3.3-build.3534+sha.b6fd184;angular - v1.4.11;angular - v1.0.7;angular - v1.6.4-build.5311+sha.1daa4f2;angular - v1.2.27-build.491+sha.07d6242;angular - v1.5.9-build.191+sha.ad3a1f9;angular - v1.5.7-build.4837+sha.f58d4fb;angular - v1.2.0-rc.1;angular - v1.6.2-build.5218+sha.ee1458f;angular - v1.6.1-build.5188+sha.1b7ddd3;angular - v1.2.17-build.100+sha.feb54d6;angular - v1.4.9-build.1+sha.7882c1c;angular - v1.5.6-build.4757+sha.c3de164;angular - v1.6.5-build.5352+sha.06516d7;angular - v1.3.18-build.129+sha.8bd59a5;angular - v1.5.8-build.4886+sha.ff5f645;angular - v1.3.0-beta.1;angular - v1.3.10-build.17+sha.bf55d76;angular - v1.4.6-build.4194+sha.170cd96;angular - v1.3.16-build.100+sha.d5c99ea;angular - v1.5.4-build.4699+sha.bd7d5f6;angular - v1.3.21-build.153+sha.a9ecde1;angular - v1.5.1-build.4591+sha.75f23f0;angular - v1.6.3-build.5293+sha.b7ee5ee;angular - v1.2.30-build.604+sha.34e5623;angular - v1.4.4-build.4102+sha.528ceda;angular - v1.5.0-beta.0;opis-assets/angular - 1.5.9;dmstr/yii2-filemanager-widgets - dev-feature/filemanager-thumbnails-update;dmstr/yii2-filemanager-widgets - dev-master;dmstr/yii2-filemanager-widgets - no_fix;dmstr/yii2-filemanager-widgets - dev-feature/bugfix;calibrate/civicrm-libraries - v1.0;happycoding/civicrm-core-for-drupal - no_fix;neoslive/hybridsearch - 1.0.1;neoslive/hybridsearch - no_fix;colorgap/bowyer - v0.2.0;angular - 1.6.5;prestiggio/medias - no_fix;angularjs - 1.6.5;larakit/sf-angular-sanitize - no_fix;happycoding/civicrm-library-for-drupal - no_fix;colorgap/brush - v0.2.0;kewljuice/civicrm-libraries - no_fix;AngularJS.Sanitize - 1.6.5;org.webjars.bower:github-com-angular-angular-js:v1.5.8;org.webjars.bower:angular-patternfly:no_fix;org.webjars.bower:angular-patternfly:3.23.1;org.webjars.bower:angular-latest:1.3.16;org.webjars.bower:angular-latest:1.6.4;org.webjars.bower:angulerjs:1.4.0-beta.0;org.webjars.bower:angulerjs:1.4.0-rc.2;org.webjars.bower:angular-sanitize:1.6.5;org.webjars.bower:angular-sanitize:1.5.10;org.webjars:angularjs:1.6.6;org.webjars.npm:angular-sanitize:1.6.5;org.webjars.npm:angular-patternfly:5.0.1;org.webjars.bowergithub.angular:bower-angular-sanitize:1.6.0-rc.2;org.webjars.bower:angular-1.1.6:1.4.0-beta.6
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |