PT-2023-12182 · Unknown+1 · Jquery Minicolors+1

Erik Krogh Kristensen

+1

·

Publicado

2023-02-20

·

Atualizado

2024-02-29

·

CVE-2021-32850

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions jQuery MiniColors versions prior to 2.3.6
Description The issue is related to cross-site scripting when handling untrusted color names. This can be exploited due to the lack of proper input validation in jQuery MiniColors.
Recommendations For versions prior to 2.3.6, update to version 2.3.6 to resolve the issue. As a temporary workaround, consider validating and sanitizing color names to prevent cross-site scripting attacks.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2021-32850
GHSA-CRH5-VV2V-C82Q
MGASA-2024-0052

Produtos afetados

Debian
Jquery Minicolors