24 matches found
ROOT-APP-NPM-CVE-2015-9235 CVE-2015-9235 in @rootio/jsonwebtoken - Patched by Root
Root has patched CVE-2015-9235 in the @rootio/jsonwebtoken package for Root:npm. Multiple fixed versions available...
CVE-2025-9235
CVE-2025-9235 affects Scada-LTS up to 2.7.8.1, where manipulation of the Name parameter in the file compound_events.shtm causes cross-site scripting. The vulnerability can be exploited remotely, and an exploit/public PoC has been published. Root cause: improper handling of the Name argument in th...
CVE-2020-9235
Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230C432E9R5P1, Versions earlier than 10.1.0.231C10E3R3P2, Versions earlier than 10.1.0.231C185E3R5P1, Versions earlier than 10.1.0.231C636E3R3P1; Versions earlier than 10.1.0.212C432E10R3P4, Versions earlier than 10.1.0.213C636E3R4P3, Version...
CVE-2019-9235
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122323053...
CVE-2024-9235
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapsterwpmapssetoptionfromjs function in all versions up to, and including, 1.5.0. This makes it possible for...
CVE-2015-9235
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-27 22:00:06+00:00 | published-proof-of-concept | Telegram/IIMMVR0y14HHoe0fDF24Y-XgfvnmWXYVKaXhSDz5tV5TerE |
| 2025-01-28 13:54:03+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/11760 |
| 2025-02-05 19:34:25+00:00 | published-proof-of-concept... | |
CVE-2024-9235
| creationtimestamp | type | source |
|---|---|---|
| 2024-10-25 10:23:24+00:00 | seen | https://t.me/cvedetector/8892... |
CVE-2024-9235 Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Options Update
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapsterwpmapssetoptionfromjs function in all versions up to, and including, 1.5.0. This makes it possible for...
WordPress Mapster WP Maps Plugin <= 1.5.0 is vulnerable to Settings Change
Software: Mapster WP Maps; Type: Plugin; Vulnerable versions: <= 1.5.0; Fixed in: 1.6.0; OWASP Top 10: A3: Injection; Classification: Settings Change; CVE: CVE-2024-9235; Patch priority: Low; CVSS severity: Low 8.8; PSID: b9bebd7cfde8; Credits: Sean Murphy; Required privilege: Contributor...
CVE-2020-9235
CVE-2020-9235 affects Huawei HONOR 20 PRO devices with information disclosure due to a design-level input-control flaw in multiple firmware versions. Affected versions include various 10.x builds (e.g., 10.1.0.230/231/212/213/214/160/225, across several codenames), with exploitation leading to pa...
@irjudson/nitrogen-mongodb-providers (=0.3.7), ah-auth-plugin (=0.0.1) +101 more potentially affected by CVE-2015-9235 via jsonwebtoken (>=0.1.0 <=4.0.0)
jsonwebtoken NPM version =0.1.0, =0.0.2, =0.1.0, =0.0.7, =0.0.4, =1.0.0, =0.1.0, =0.0.1, =0.0.0, =0.0.2 and more Source cves: CVE-2015-9235 Source advisory: OSV:GHSA-C7HR-J4MJ-J2W6...
CVE-2015-9235
CVE-2015-9235 affects the jsonwebtoken Node.js module (pre-4.2.2). The vulnerability allows bypass of token verification when a token signed with RS/ES (asymmetric) is presented but validated with a symmetric HS* algorithm due to weak validation of the JWT algorithm type. This leads to potential ...
iScripts SonicBB 1.0 Cross Site Scripting
Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting; Date: 02/04/2018; Exploit Author: ManhNho; Vendor Homepage: https://www.iscripts.com; Demo Page: https://www.demo.iscripts.com/sonicbb/demo/; Version: 1.0; Tested on: Windows 10; Category: Webapps; CVE: CVE-2018-9235; 1. Description...
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting; Exploit Author: ManhNho; Vendor Homepage: https://www.iscripts.com; Demo Page: https://www.demo.iscripts.com/sonicbb/demo/; Version: 1.0; Tested on: Windows 10; Category: Webapps...
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)
Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting; Date: 02/04/2018; Exploit Author: ManhNho; Vendor Homepage: https://www.iscripts.com; Demo Page: https://www.demo.iscripts.com/sonicbb/demo/; Version: 1.0; Tested on: Windows 10; Category: Webapps; CVE: CVE-2018-9235; 1. Description...
CVE-2018-9235
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php...
CVE-2018-9235
CVE-2018-9235 affects iScripts SonicBB 1.0. The vulnerability is a Reflected Cross-Site Scripting via the query parameter to search.php, enabling injection of arbitrary script/HTML. Public materials describe a PoC and an exploit for the vulnerable URL (search.php?query=...). The CNVD entry notes ...