A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL.
References
| Link | Resource |
|---|---|
| https://gist.github.com/cd80/50463b0e62067ec861b7006cbf46b068 | Third Party Advisory |
| https://gist.github.com/cd80/50463b0e62067ec861b7006cbf46b068 | Third Party Advisory |
Configurations
History
02 Jun 2025, 13:46
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gist.github.com/cd80/50463b0e62067ec861b7006cbf46b068 - Third Party Advisory | |
| CPE | cpe:2.3:a:tabatkins:railroad-diagram_generator:*:*:*:*:*:*:*:* | |
| First Time |
Tabatkins railroad-diagram Generator
Tabatkins |
21 Nov 2024, 09:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gist.github.com/cd80/50463b0e62067ec861b7006cbf46b068 - |
31 Oct 2024, 15:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| Summary |
|
26 Feb 2024, 16:32
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-26 16:27
Updated : 2025-06-02 13:46
NVD link : CVE-2024-26467
Mitre link : CVE-2024-26467
CVE.ORG link : CVE-2024-26467
JSON object : View
Products Affected
tabatkins
- railroad-diagram_generator
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')