CVE-2023-25309
Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
EUVD-2023-29270
Malicious code in bioql PyPI...
FetLife: Able to see location coordinates in any event without permission to do so
The vulnerability allowed attackers to view the location coordinates of events in the response of the /events/event-id endpoint, even when the event host had hidden the exact address from non-RSVP users. This was possible because the coordinates were included in the response regardless of the...
FetLife: fetlife.com/signup_step_profile expose access_token of mapbox.com
Vulnerability description not provided...
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem v0.5
Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem
Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
GHSA-5XQ9-H3J2-JXVC Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem
Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
Cross site scripting
Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
CVE-2023-25309
CVE-2023-25309 describes a cross-site scripting vulnerability in Fetlife rollout-ui
PT-2023-20022 · Fetlife · Fetlife Rollout-Ui
Name of the Vulnerable Software and Affected Versions: Fetlife rollout-ui version 0.5 Description: The issue allows attackers to execute arbitrary code via a crafted URL to the delete a feature functionality. This is a Cross Site Scripting XSS vulnerability. Recommendations: For Fetlife rollout-u...
Rollout::UI Cross-Site Scripting Vulnerability
Rollout::UI is a minimalist UI software from the fetlife community. A security vulnerability exists in Rollout::UI, which stems from the function name in the confirmation dialog not being properly escaped. An attacker could exploit this vulnerability to perform a cross-site scripting attack...
Malicious code in fetlife-assets (npm)
Source: ghsa-malware 037ffc75ae9efac1dfb156531f65f3a6e9301fb1db39a9d905346bac028cf5c1. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-790 Malicious code in @youporn/fetlife-assets (npm)
Source: ghsa-malware 603675e7aa067faae6c76ee52b00ad6f559d71e6fdb60afbe06533dc0739c02b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-795 Malicious code in @zivver/fetlife-assets (npm)
Source: ghsa-malware 252563d49ca0b12c7e64af6a853395f0e071b90cb7e08479fccac1ff8ad07983. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-738 Malicious code in @xfinity/fetlife-assets (npm)
Source: ghsa-malware a9a1f10d5f6aa7b39416dcfd78a0c6036c840ddd308e7c1a988e46acccc39046. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zivver/fetlife-assets (npm)
Source: ghsa-malware 252563d49ca0b12c7e64af6a853395f0e071b90cb7e08479fccac1ff8ad07983. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-708 Malicious code in @volkswagen/fetlife-assets (npm)
Source: ghsa-malware 0787eda26a60e4dc7bae988256e6b515c8037fe092f29e2caa710149a768631e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...