Search Results (3 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57439 1 Gchq 1 Cyberchef 2026-07-08 5 Medium
CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts __proto__ as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript into HTML output. This issue is fixed in version 11.2.0.
CVE-2026-42615 1 Gchq 1 Cyberchef 2026-04-29 7.2 High
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
CVE-2019-15532 1 Gchq 1 Cyberchef 2024-11-21 N/A
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.