4 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the privateexports process. An attacker can access another user's private data exports by exploiting UUID collisions that occur when the UUID is converted to an integer, causing files...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...
@corex/argon-theme (>=1.1.1 <=1.1.33), @creative-tim-official/argon-dashboard-free (=1.2.0) +14 more potentially affected by CVE-2016-1000227 via bootstrap-tagsinput (=0.7.1)
bootstrap-tagsinput NPM version =0.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap-tagsinput and may be impacted: - @corex/argon-theme =1.1.1, =0.27.0, =0.0.1, =0.1.0, =3.0.0, =1.2.0, =0.1.0, =0.2.0, =0.1.1, =1.2.6, =1.4.0, =0.1.89, =0.2....