7 matches found
PYSEC-2026-283 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...
CVE-2026-42601 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins...
Arbitrary Argument Injection
Overview archivebox is a The self-hosted internet archive. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the AddView class. An attacker can execute arbitrary code on the server by submitting specially crafted configuration overrides to the /add/ endpoint,...
GHSA-3H23-7824-PJ8R ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...
CVE-2002-0032
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...
CVE-2002-0032
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...
Yahoo! Messenger "addview" function allows for the automatic execution of malicious script contained in web pages
Overview Yahoo! Messenger is an instant messaging client. When installed, Yahoo! Messenger enables a URI handler ymsgr :parameter. The addview function of this handler can be used to execute arbitrary script/html on the local system. Description The addview feature of Yahoo! Messenger is used to...