CVE-2024-36361

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

Security Update for Microsoft Visual Studio Team Foundation Server 2013 (KB2903566)

This security update resolves a privately reported vulnerability in TFS 2013 web access. The vulnerability could allow java script to be executed on a vulnerable browser if an attacker sends a specially crafted message...