CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Decentraland: >> Single Sign On Client Security Vulnerabilities

CVE-2023-41049

@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function.

CVSS Score

7.5

EPSS Score

0.003

Published

2023-09-01

Page 1

Vulnerabilities

Vulnerable Software

Decentraland: >> Single Sign On Client Security Vulnerabilities

Products

Pricing

Contact Us