12 matches found
CVE-2023-33962
JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...
CVE-2024-33962
creationtimestamp | type | source
---|---|---
2024-08-06 15:00:56+00:00 | seen | https://t.me/cvedetector/2569...
CVE-2024-33962 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in...
dk.mada.jaxrs:openapi-jaxrs-client (>=0.9.12 <=0.9.17), io.jooby:jooby-jstachio (>=3.0.0.M7 <=3.0.0.M9) +6 more potentially affected by CVE-2023-33962 via io.jstach:jstachio (>=0.10.0 <=1.0.0)
io.jstach:jstachio MAVEN version =0.10.0, =0.9.12, =3.0.0.M7, =0.6.0, =0.8.0, =0.8.0, =0.10.0, =0.10.0, =0.10.0, =1.0.0 Source cves: CVE-2023-33962 Source advisory: OSV:GHSA-GWXV-JV83-6QJR...
CVE-2023-33962
creationtimestamp | type | source
---|---|---
2023-05-31 02:23:58+00:00 | seen | https://t.me/cibsecurity/64800
2025-01-10 17:03:49+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/1172
2025-08-21 21:02:38+00:00 | seen | ...
CVE-2023-33962 JStachio XSS vulnerability: Unescaped single quotes
JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...
CVE-2023-33962
CVE-2023-33962 (JStachio) : The vulnerability affects the JStachio Java Mustache templating engine prior to version 1.0.1, where single quotes in HTML are not escaped. This can allow an attacker to inject malicious code and potentially execute arbitrary JavaScript in the context of other users vi...
K80970653: BIG-IP iRules vulnerability CVE-2022-33962
Security Advisory Description: The 'node' iRules command may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. CVE-2022-33962 Impact: This vulnerability may allow an authenticated attacker with the iRule Manager role to creat...
CVE-2022-33962
CVE-2022-33962 affects BIG-IP iRules: the node command may bypass access controls on a self IP, enabling privilege escalation for an authenticated attacker with iRules Manager role. Affected branches include BIG-IP all modules: 17.x (vulnerable), 16.x, 15.x, 14.x, and 13.x. Remediation: apply fix...
F5 Networks BIG-IP : BIG-IP iRules vulnerability (K80970653)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.1 / 15.1.6.1 / 16.1.3.1 / 17.0.0.1 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K80970653 advisory. - In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before...
CVE-2021-33962
creationtimestamp | type | source
---|---|---
2022-01-14 14:24:59+00:00 | seen | https://t.me/cibsecurity/35492...
CVE-2021-33962
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface component /api/ZRUsb/pop_usb_device. The issue originates from a lack of proper command filtering and escaping in the web interface, enabling an attacker to inject OS commands. The...