CERTCC/cveClient
GitHub
Releases0
Stars29
A client and library to cve-services 2.x to provide CVE management for CNA and CERTs
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.1 MEDIUM | — | ||
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services | |||
| 7.5 HIGH | — | ||
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials. | |||