
2341 matches found

OSV
added 2022/06/13 4:51 p.m. | 6 views

MAL-2022-6223 Malicious code in sp-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12ea0ed6eb9e952555479abaffce89b9ec1fabf26dab71f7e5fff8cf1b0ed57a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1

OSV
added 2022/06/11 12:0 a.m. | 13 views

GHSA-9266-J9V3-Q4J5 Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8 CVSS | 9.8 AI score | 0.00745 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2022/06/11 12:0 a.m. | 26 views

Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8 CVSS | 7.5 AI score | 0.00745 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

ATTACKERKB
added 2022/06/10 12:15 p.m. | 1 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8 CVSS | 7.3 AI score | 0.00745 EPSS
Exploits: 0 | References: 3

OSV
added 2022/06/10 12:15 p.m. | 1 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8 CVSS | 5.8 AI score | 0.00745 EPSS
Exploits: 0 | References: 2

NVD
added 2022/06/10 12:15 p.m. | 35 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8 CVSS | 0.00745 EPSS
Exploits: 0 | References: 2

PyPA
added 2022/06/10 12:15 p.m. | 6 views

PYSEC-2022-207

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8 CVSS | 7.5 AI score | 0.00745 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2022/06/10 12:15 p.m. | 20 views

Design/Logic Flaw

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

6.8 CVSS | 9.7 AI score | 0.00745 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2022/05/24 10:0 p.m. | 47 views

Cross-site Scripting in Bootstrap-3-Typeahead

Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter function. An attacker could exploit this via user interaction to execute code in the user's browser. This issue was introduced in commit dbd1af5bf and has not been fixed...

6.1 CVSS | 3.9 AI score | 0.0152 EPSS
Exploits: 0 | References: 8 | Affected Software: 2

RedhatCVE
added 2022/05/21 12:13 a.m. | 21 views

CVE-2019-13314

A password disclosure flaw was found in virt-bootstrap, version 1.1.0. Because virt-bootstrap accepts root password as a command line argument via --root-password option, the password could leak to other system users via process listing...

7.8 CVSS | 3.5 AI score | 0.00568 EPSS
Exploits: 1 | References: 2

Veracode
added 2022/05/18 1:56 p.m. | 24 views

Cross-Site Scripting (XSS)

bootstrap-table is vulnerable to cross-site scripting. The vulnerability exists in onCellHtmlData when the exportOptions is set to true which allows an attacker to inject and execute maliciously crafted script...

5.4 CVSS | 5.4 AI score | 0.00717 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

CVE
added 2022/05/17 8:5 a.m. | 95 views

CVE-2022-26650

CVE-2022-26650 (Apache ShenYu) concerns a denial of service caused by user-controllable inputs in ShenYu-Bootstrap’s RegexPredicateJudge.java, where Pattern.matches(conditionData.getParamValue(), realData) can be triggered by crafted regular expressions and characters. Affected versions are Apach...

7.5 CVSS | 7.3 AI score | 0.02434 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2022/05/17 4:41 a.m. | 13 views

Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title fie...

3.5 CVSS | 5.5 AI score | 0.03476 EPSS
Exploits: 1 | References: 10 | Affected Software: 1

vulnersOsv
added 2022/05/17 3:42 a.m. | 3 views

com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=2.0.2 <=2.0.4), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (>=2.0.2 <=2.0.4) +42 more potentially affected by CVE-2016-3082 via org.apache.struts:struts2-core (>=2.3.24 <=2.3.24.1)

org.apache.struts:struts2-core MAVEN version =2.3.24, =2.0.2, =2.0.2, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24.1 and more Source cves: CVE-2016-3082 Source advisory: OSV:GHSA-PVM9-288C-V5WQ...

10 CVSS | 7.2 AI score | 0.20829 EPSS
Exploits: 0

vulnersOsv
added 2022/05/17 12:1 a.m. | 1 views

dn-bootstrap-table-mobile (=1.0.0) potentially affected by CVE-2022-1726 via bootstrap-table (=1.11.1)

bootstrap-table NPM version =1.11.1 is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap-table and may be impacted: - dn-bootstrap-table-mobile =1.0.0 Source cves: CVE-2022-1726 Source advisory: OSV:GHSA-GRW5-G9H2-WPG8...

6.8 CVSS | 6.5 AI score | 0.00717 EPSS
Exploits: 1

OSV
added 2022/05/17 12:1 a.m. | 23 views

GHSA-GRW5-G9H2-WPG8 Cross-site Scripting in bootstrap-table

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

6.8 CVSS | 5.2 AI score | 0.00717 EPSS
Exploits: 1 | References: 4

Github Security Blog
added 2022/05/17 12:1 a.m. | 29 views

Cross-site Scripting in bootstrap-table

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

6.8 CVSS | 0.5 AI score | 0.00717 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2022/05/16 3:15 p.m. | 3 views

CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

6.8 CVSS | 5.8 AI score | 0.00717 EPSS
Exploits: 1 | References: 3

NVD
added 2022/05/16 3:15 p.m. | 11 views

CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

6.8 CVSS | 0.00717 EPSS
Exploits: 1 | References: 2

OSV
added 2022/05/16 3:15 p.m. | 2 views

DEBIAN-CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

5.4 CVSS | 6.3 AI score | 0.00717 EPSS
Exploits: 1 | References: 1