VYPR

Go modules package

github.com/hahwul/dalfox/v2

pkg:golang/github.com/hahwul/dalfox/v2

Vulnerabilities (4)

  • CVE-2026-45090 | High | May 27, 2026
    affected < 2.13.0 | fixed 2.13.0

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first s

  • CVE-2026-45089 | High | May 27, 2026
    affected < 2.13.0 | fixed 2.13.0

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then

  • CVE-2026-45088 | High | May 27, 2026
    affected < 2.13.0 | fixed 2.13.0

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated u

  • CVE-2026-45087 | Critical | May 27, 2026
    affected < 2.13.0 | fixed 2.13.0

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Be