mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.2 KiB
1.2 KiB
CVE-2024-32468
&color=brighgreen)
Description
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the deno_doc crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated search_index.js, deno_doc outputs a JavaScript file for searching. However, the generated file used innerHTML on unsanitzed HTML input. 2.) XSS via property, method and enum names, deno_doc did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since deno doc --html is expected to be used locally with own packages.
POC
Reference
Github
No PoCs found on GitHub currently.