We found results for “”
WS-2021-0074
Good to know:
Date: August 19, 2025
XSS vulnerability in MolecularFaces via malicious molfiles The viewer plugin implementation of <mol:molecule> renders molfile data directly inside a <script> tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |
Vulnerabilities
Projects
Contact Us


