Every CVE whose affected-product data names Sockjs Project Sockjs, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-8823 — CVSS 6.1 (medium): htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter.
CVE-2020-7693 — CVSS 5.3 (medium): Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package…