721 matches found
MGASA-2021-0269 Updated puddletag packages fix security vulnerability
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injectio via the template function, particularly when a variable property is passed as an argument as it is not sanitized CVE-2021-23358...
Updated puddletag packages fix security vulnerability
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injectio via the template function, particularly when a variable property is passed as an argument as it is not sanitized CVE-2021-23358...
GHSA-MM8J-9X84-M9CV Arbitrary code injection in json-sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher
h3. Issue Summary Jira system is currently using underscore.js 1.9.1. However, it is being affected due to CVE-2021-23358|https://vulners.com/cve/CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the...
SourceCodester Online Examination System 跨站脚本漏洞
SourceCodester Online Examination System is an online examination system from SourceCodester, Inc. in the United States. Worlds Online Examination System 1.0 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary code via the name field...
Cross site scripting
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
OESA-2021-1174 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are...
Arbitrary Code Injection
Overview In xmlhttprequest-ssl before 1.6.2 when requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run. Recommendation Upgrade to version 1.6.2 or later References CVE GitHub Advisory...
GHSA-H4J5-C7CJ-74XG xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...
Ubuntu 21.04 : Underscore vulnerability (USN-4913-2)
The remote Ubuntu 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-4913-2 advisory. USN-4913-1 fixed vulnerabilities in Underscore. This update provides the corresponding updates for Ubuntu 21.04. Tenable has extracted the preceding description block...
Cross site scripting
Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Underscore vulnerability (USN-4913-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4913-1 advisory. It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code...
SiCKRAGE cross-site scripting vulnerability (CNVD-2021-29111)
SickRage is an automated video library manager for TV programs. A stored cross-site scripting vulnerability exists in SiCKRAGE version 4.2.0 - 10.0.11.dev1. The vulnerability stems from the server processing user input without properly validating user input. An attacker can exploit the...
CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
DEBIAN-CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
UBUNTU-CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
CVE-2021-23358 Arbitrary Code Injection
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
CVE-2021-23358 Arbitrary Code Injection
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...