Nuclei: Local File Read via require() Module Loader Bypass
A vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file access restriction. Affected Component: The issue is in the JavaScript runtime's module loading system. The goja...
EUVD-2018-0391
Malware in sbrugna...
EUVD-2024-49757
Malicious code in bioql PyPI...
CVE-2024-9146
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in jamesdlow CSS JS Files css-js-files allows Path Traversal. This issue affects CSS JS Files: from n/a through <= 1.5.0...
CVE-2024-1341
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...
PT-2025-9042 · Syspass · Syspass
Name of the Vulnerable Software and Affected Versions: SysPass versions 3.2.x Description: A host header injection vulnerability in SysPass allows an attacker to load malicious JS files from an arbitrary domain, which would be executed in the victim's browser. Recommendations: For SysPass version...
CVE-2024-9146
CVE-2024-9146: WordPress plugin CSS JS Files <= 1.5.0 is affected by a path traversal vulnerability that could allow reading restricted files. Affected versions are listed as
CVE-2024-9146 WordPress CSS JS Files plugin <= 1.5.0 - Directory Traversal to File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in jamesdlow CSS JS Files css-js-files allows Path Traversal. This issue affects CSS JS Files: from n/a through <= 1.5.0...
CVE-2024-1341 Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...
HackerOne: Google Docs link in JS files allows editing & reading survey information
A Google Docs link was discovered in JavaScript files on a website allowing editing and reading of survey information. The link provided access to edit a survey and view some users' emails and responses...
QakBot's Endgame: The Final Move Before the Takedown
By Daksh Kapur, Nico Paulo Yturriaga and Alfred Alvarado · September 06, 2023. Qakbot, known under aliases like QBot, QuakBot, and Pinkslipbot, represents an intricately advanced malware strain that has...
EndExt - Go Tool For Extracting All The Possible Endpoints From The JS Files
EndExt is a .go tool for extracting all the possible endpoints from the JS files. Idea: When you crawl all the JS files from waybackurls for example, or even collecting the JS files urls from your target website's home source page .. If the website was using API system and you wanna look for all t...
AMBER AI: I found some api keys in js files, huge leak of token addresses and huge amount of js files are not forbidden
Summary: Huge leak of token addresses in be.whalefin.com and huge leak of js files Steps To Reproduce: add details for how we can reproduce the issue 1. You can see huge leak of token addresses in below site https://be-jp.whalefin.com/common-config/v1/config/coin/all-config Please check poc...
XSS Injection in Media Collection Title was possible
Impact: A logged-in admin user was able to add a script injection (XSS) in the collection title, which was executed. Workarounds: Manually patching the JS files. For more information: If you have any questions or comments about this advisory: - Email us at [email protected]...
Local File Inclusion
larvitbase-www is vulnerable to local file inclusion. The package uses an exposed API endpoint that accepts an unvalidated GET parameter to a require function call. This could potentially allow a remote attacker to execute any .js files within the web server. Successful exploitation causes the...
CVE-2015-9339
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files...
Arbitrary File Inclusion
kibana is vulnerable to arbitrary file inclusion attacks. The vulnerability exists through the Kibana Console API where a request can be sent to include external JS files which could possibly result in executing arbitrary commands...
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times...