Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Hello.js Project Subscribe
Filtered by product Hello.js
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26505 1 Hello.js Project 1 Hello.js 2024-11-21 N/A 9.8 CRITICAL
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.
CVE-2020-7741 1 Hello.js Project 1 Hello.js 2024-11-21 7.5 HIGH 9.9 CRITICAL
This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024