1235 matches found
@hello10/jump-server (>=1.0.0 <=1.1.3) potentially affected by unknown CVE via apollo-server-cloud-functions (=2.13.0)
apollo-server-cloud-functions NPM version =2.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-server-cloud-functions and may be impacted: - @hello10/jump-server =1.0.0, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
@bakjs/graphql (>=2.0.0 <=2.2.0), @clevyr/pavo-hapi-graphql (>=0.0.1 <=0.0.5) +14 more potentially affected by unknown CVE via apollo-server-hapi (>=1.2.0 <=1.4.0)
apollo-server-hapi NPM version =1.2.0, =2.0.0, =0.0.1, =0.1.0, =1.0.0, =0.0.51, =3.0.0, =1.0.2, =1.0.1, =0.2.2, =0.2.37 - trailpack-apollo =3.0.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
@aifedespaix/fdp-api-libs (=1.0.7), @jovercao/egg-graphql (>=0.1.0 <=0.1.13) +1 more potentially affected by unknown CVE via apollo-server-cache-memcached (=0.6.7)
apollo-server-cache-memcached NPM version =0.6.7 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-server-cache-memcached and may be impacted: - @aifedespaix/fdp-api-libs =1.0.7 - @jovercao/egg-graphql =0.1.0, =0.0.58-alpha.6, =0.0.58-alpha.17...
Introspection in schema validation in Apollo Server
We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...
apollo-magazine.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1164096 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Cross-site Scripting (XSS)
github.com/ctripcorp/apollo is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape the variable valueWithHiddenChars in the showHiddenChars function in item-modal-directive.js, allowing a malicious user to inject and execute malicious web scripts...
GHSA-2P6P-V69P-9MM9 XSS in login form
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...
XSS in login form
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...
GHSA-FXP8-7H5W-H235 XSS in search engine
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...
XSS in search engine
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...
Alkacon OpenCMS 10.5.x - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE...
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE : CVE-2019-13234,...
Alkacon OpenCMS 10.5.x Cross Site Scripting
Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE : CVE-2019-13234,...
CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...
CVE-2019-13234
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...
Code injection
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...
Code injection
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...
CVE-2019-13235
CVE-2019-13235 affects Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, with a Cross-Site Scripting (XSS) flaw in the login form. Public sources describe the vulnerability as an XSS in the login workflow, with PoCs showing injection potentially via headers like X-Forwarded-For. NVD metrics list...