30 matches found
EUVD-2022-38030
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-35133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th...
OPENSUSE-SU-2024:12330-1 cherrytree-0.99.49+3-1.1 on GA media
These are all security issues fixed in the cherrytree-0.99.49+3-1.1 package on the GA media of openSUSE Tumbleweed...
Mageia: Security Advisory (MGASA-2024-0074)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0074 Updated cherrytree packages fix security vulnerability
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. CVE-2022-35133...
Updated cherrytree packages fix security vulnerability
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. CVE-2022-35133...
CherryTree Impostor Dubbed CherryLoader Makes Its Move
Summary: CherryLoader, a new Go-based downloader, has surfaced in cyber attacks, masquerading as the legitimate CherryTree note-taking app. This sophisticated threat infiltrates compromised hosts, delivering malicious payloads such as privilege escalation tools for exploitation and persistent...
New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name...
openSUSE 15 Security Update : cherrytree (openSUSE-SU-2022:10230-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10230-1 advisory. - A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
OPENSUSE-SU-2022:10230-1 Security update for cherrytree
cherrytree was updated to version 0.99.49+3: Legacycanonicalizefilename: manage empty filename, ghgiuspen/cherrytree2118 added command line option '--anchor AnchorName' that in addition to existing '--node NodeName' allows to open a document focusing an anchor in a node. Changed non configurable...
Security update for cherrytree (moderate)
openSUSE Security Update: Security update for cherrytree Announcement ID: openSUSE-SU-2022:10230-1 Rating: moderate References: 1202513 Cross-References: CVE-2022-35133 CVSS scores: CVE-2022-35133 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE Backports...
CVE-2022-35133
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
CVE-2022-35133
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
CVE-2022-35133
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
Cross site scripting
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
CVE-2022-35133
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
UBUNTU-CVE-2022-35133
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
CVE-2022-35133
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
CVE-2022-35133
CVE-2022-35133 : A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name field when creating a node. Public records include multiple advisories indicating a fix in newer releases; OpenSUSE/Mageia...
CherryTree 跨站脚本漏洞
CherryTree is a hierarchical note-taking application by the individual developer Giuseppe Penone in the UK. With rich text and syntax highlighting, storing data in a single XML or SQLite file. A security vulnerability exists in CherryTree version v0.99.30, which stems from a vulnerability that...