[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 246318 Download | Alert*

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either ...

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3745. Reason: This candidate is a reservation duplicate of CVE-2018-3745. Notes: All CVE users should reference CVE-2018-3745 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server.

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.

The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.

The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name.

The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.


Pages:      Start    10076    10077    10078    10079    10080    10081    10082    10083    10084    10085    10086    10087    10088    10089    ..   24631

© SecPod Technologies