While working on the openui project, I reviewed the dependency manifest and identified that it uses a vulnerable version of unhead. During analysis, I found that the useHeadSafe() function can be bypassed using specially crafted inputs with leading-zero-padded HTML entities.
CVE Report
CVE Link