265 matches found
CVE-2021-32851
Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1...
Cross site scripting
Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1...
CVE-2021-32851
Mind-elixir Cross-site Scripting vulnerability (CVE-2021-32851) affects Mind-elixir core prior to version 0.18.1, where untrusted menu handling can lead to XSS. The issue is fixed in 0.18.1. Affected scope includes Mind-elixir versions before 0.18.1; remediation is to upgrade to 0.18.1 or later. ...
Mind-elixir cross-site scripting vulnerability
Mind-elixir is a framework-agnostic mind mapping core from the individual developers of ssshooter. A cross-site scripting vulnerability exists in versions of Mind-elixir prior to 0.18.1, which stems from a susceptibility to cross-site scripting when dealing with untrusted menus...
PT-2023-12183 · Unknown · Mind-Elixir
Name of the Vulnerable Software and Affected Versions: Mind-elixir versions prior to 0.18.1 Description: The issue is related to cross-site scripting when handling untrusted menus in Mind-elixir, a free, open source mind map core. Recommendations: For versions prior to 0.18.1, update to version...
CVE-2021-32851 jQuery MiniColors vulnerable to Cross-site Scripting
Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1...
ecto security vulnerability
ecto is an elixir-ecto open source toolkit for data mapping and language integration queries. A security vulnerability exists in ecto version 2.2.0, which stems from the lack of some kind of protection mechanism...
elixir-fitness.com Cross Site Scripting vulnerability OBB-3134532
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
[SECURITY] Fedora 37 Update: elixir-1.14.2-1.fc37
Elixir is a programming language built on top of the Erlang VM. As Erlang, it is a functional language built to support distributed, fault-tolerant, non-stop applications with hot code swapping...
Fedora: Security Advisory for elixir (FEDORA-2022-be7abff81b)
The remote host is missing an update for the...
personnummer/rust vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact This vulnerability impacts...
Security Bulletin: IBM Robotic Process Automation may be affected by multiple vulnerabilities in open source components (CVE-2019-0820, CVE-2020-15522, CVE-2021-43569)
Summary: Multiple vulnerabilities in IBM Robotic Process Automation 21.0.1. Bouncy Castle is used by IBM Robotic Process Automation as part of its cryptography implementation. CVE-2020-15522. Stark Bank Elixir is used by IBM Robotic Process Automation as part of its cryptography implementation...
Elixir can leak information due to weak use of crypto
Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...
GHSA-VFCG-5GGC-3RXX Elixir can leak information due to weak use of crypto
Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...
GHSA-6X65-VQP7-5R63 alchemist.vim vulnerable to remote code execution
Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code...
alchemist.vim vulnerable to remote code execution
Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code...
Inline DTD allows XML bomb attack
The SweetXml (aka sweetxml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD...
GHSA-QPMC-WPRV-X746 Inline DTD allows XML bomb attack
The SweetXml (aka sweetxml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD...
Header Injection
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in: given a cookie value, headers can be added. This attack appears to be exploitable via crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...