27 matches found
Malicious code in @c11-lib-ts/document-handler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf45faf4cf8ea3609807fa01163bcf09cd1e633ed2744a8593f0efe85a8f0b24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-4327
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2024-4327
The CVE-2024-4327 entry concerns Apryse WebViewer (up to 10.8.0). Affected component: the PDF Document Handler, where a cross-site scripting flaw has been identified. Root cause: improper handling in this component enables malicious input to execute in the context of a user session. Impact: remot...
Apryse WebViewer 跨站脚本漏洞
Apryse WebViewer is a web browser from Apryse Corporation. A cross-site scripting vulnerability exists in Apryse WebViewer version 10.8.0, which stems from the component PDF Document Handler that causes cross-site scripting...
PT-2024-30433 · Apryse · Apryse Webviewer
Name of the Vulnerable Software and Affected Versions: Apryse WebViewer versions up to 10.8.0 Description: A vulnerability was found in the PDF Document Handler component of Apryse WebViewer, which can lead to cross site scripting. The manipulation can be initiated remotely. The vendor recommends...
The vulnerability of the DocumentHandler component of the ONLYOFFICE Workspace document management system arises due to deficiencies in the encryption of user-input data. This vulnerability allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the DocumentHandler component of the ONLYOFFICE Workspace document management system exists due to deficiencies in the encryption of user-input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...
OpenJDK: XXE issue in decoder (Beans, 8023245)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the Janua...