Browse all 7 CVE security advisories affecting medialize. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Medialize is an open-source PHP library primarily used for URL manipulation and HTTP request handling in web applications. Historically, it has been susceptible to multiple remote code execution vulnerabilities, often stemming from unsafe deserialization and improper input validation. Cross-site scripting (XSS) and privilege escalation flaws have also been commonly recorded, with several CVEs documenting these weaknesses. The library's security posture has been inconsistent, with multiple critical vulnerabilities discovered over time, including some that allow attackers to execute arbitrary code or bypass security controls. While no major public incidents have been widely reported, the significant number of CVEs indicates potential risks for implementations lacking proper input sanitization and secure configuration practices.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-1243 | CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js | medialize/uri.js | CWE-20 | 6.1 | - | 2022-04-05 |
| CVE-2022-1233 | URL Confusion When Scheme Not Supplied in medialize/uri.js | medialize/uri.js | CWE-115 | 5.4 | - | 2022-04-04 |
| CVE-2022-0868 | Open Redirect in medialize/uri.js | medialize/uri.js | CWE-601 | 6.1 | - | 2022-03-06 |
| CVE-2022-24723 | Improper Input Validation in URI.js | URI.js | CWE-20 | 5.3 | Medium | 2022-03-03 |
| CVE-2022-0613 | Authorization Bypass Through User-Controlled Key in medialize/uri.js | medialize/uri.js | CWE-639 | 7.4 | - | 2022-02-16 |
| CVE-2021-3647 | Open Redirect in medialize/URI.js | medialize/URI.js | CWE-601 | 6.1 | - | 2021-07-16 |
| CVE-2020-26291 | Hostname spoofing in URI.js | URI.js | CWE-20 | 6.5 | Medium | 2020-12-30 |
This page lists every published CVE security advisory associated with medialize. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.