← Back

Ext Js

ext_js

Vendor: Sencha • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2007-6758
1Sencha
1Ext Js
Nov 21, 2024
Jan 23, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.
CVE-2018-8046
1Sencha
1Ext Js
Nov 21, 2024
Jul 5, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensur...Show more
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data.Show less