360 matches found
MicroStrategy Web SDK Cross-Site Scripting Vulnerability (CNVD-2022-77860)
MicroStrategy Web SDK is a JavaScript software development kit from MicroStrategy, Inc. for customizing and extending MicroStrategy Web. MicroStrategy Web SDK version 10.11 and earlier versions contain a cross-site scripting vulnerability that...
Stored XSS due to unsanitized anchor URL
BUG: stored XSS due to unsanitized anchor URL. SUMMARY: using fullpage.js you can create an anchor tag. But when you put an href in the anchor, it does not sanitize the URL, which allows breaking the context of the anchor element and adding our new element. I see main javascript or other javascript...
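The bug class the report describes, as an added example that is not fullpage.js code: a link builder that concatenates a raw URL into `<a href="...">` markup, beside a hardened builder that restricts the URL scheme and escapes the attribute value. The base origin `https://example.invalid/` and the payload are constructed for the example.

```javascript
// Added example (not fullpage.js code): anchor markup built by string
// concatenation, beside a hardened version. Runs under Node.js, no DOM needed.

function escapeHtmlAttr(s) {
  // Escape every character that can terminate an attribute or element.
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Vulnerable: the href value is trusted as-is, so a double quote in the URL
// closes the attribute and the remainder of the string becomes new markup.
function buildAnchorVulnerable(href, text) {
  return '<a href="' + href + '">' + text + '</a>';
}

// Hardened: resolve the URL against an assumed base origin, accept only
// http(s) targets (this drops javascript: and data: URLs), and escape the
// serialized value before placing it in the attribute. The WHATWG serializer
// also percent-encodes '"', '<' and '>' in the path.
const BASE = 'https://example.invalid/';   // assumed base for relative links
function buildAnchorSafe(href, text) {
  let parsed;
  try { parsed = new URL(href, BASE); } catch (e) { return null; }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  return '<a href="' + escapeHtmlAttr(parsed.href) + '">' + escapeHtmlAttr(text) + '</a>';
}

// Constructed payload: close the href attribute and the <a> tag, then inject
// a new element, exactly the context break the report describes.
const PAYLOAD = '"><img src=x onerror=alert(1)>';
```

`buildAnchorVulnerable(PAYLOAD, 'link')` emits the injected `<img>` element verbatim; `buildAnchorSafe` keeps the whole value inside the attribute and rejects `javascript:` links outright.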
CVE-2022-24785
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...
Medialize URI.js Input Validation Error Vulnerability
Medialize URI.js is a JavaScript library from the Medialize team for efficiently building URLs. Medialize URI.js is vulnerable to an input validation error that stems from an open redirect in medialize/uri.js. No detailed vulnerability details are available...
Medialize URI.js Security Vulnerability
Medialize URI.js is a JavaScript library from the Medialize team for efficiently building URLs. correctly parsed. No details of the vulnerability are currently available...
Improper Input Validation
Overview: url-js is a simple URL parser, similar to the DOM URL API. Affected versions of this package are vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the...
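Why the two URLs above are "the same" to a browser but not to a hand-rolled parser, as an added example that is not url-js code: a constructed naive parser that only recognises `/` as the end of the authority, beside the WHATWG parser behind Node's `URL`, which treats `\` like `/` after a special scheme. The `evil.test` sample and the allow/deny helpers are constructed for the example.

```javascript
// Added example (not url-js code): naive hostname extraction versus the
// WHATWG parser, and what that means for host-based allow/deny lists.

// Naive: take the text after "://" up to the first "/", "?" or "#" as the
// authority. Backslashes are left in the host, so it never matches "localhost".
function naiveHostname(input) {
  const i = input.indexOf('://');
  if (i < 0) return null;
  const rest = input.slice(i + 3);
  const end = rest.search(/[\/?#]/);
  const authority = end < 0 ? rest : rest.slice(0, end);
  return authority.replace(/^.*@/, '').replace(/:\d+$/, '').toLowerCase();
}

// Spec-compliant: for special schemes (http, https, ...) the WHATWG parser
// skips any run of "/" and "\" after "scheme:" and treats "\" as a path
// separator, so the host comes out normalised.
function specHostname(input) {
  try { return new URL(input).hostname; } catch (e) { return null; }
}

// A denylist built on the naive parser: bypassed by the backslash form.
function naiveDenylistBlocks(input, denied) {
  const host = naiveHostname(input);
  return host !== null && denied.includes(host);
}

// An allowlist that uses the same parser the HTTP client will use.
function isAllowedHost(input, allowed) {
  const host = specHostname(input);
  return host !== null && allowed.includes(host);
}

// Constructed inputs; each "\\" in the literal is one backslash in the URL.
const SAMPLES = ['http://\\\\localhost', 'http://localhost', 'http:\\\\evil.test\\\\path'];
```

For `http://\\localhost` the naive parser reports `\\localhost`, so a "no localhost" denylist lets it through while the request actually goes to localhost; the spec parser reports `localhost` for both spellings, which is what a filter must compare against.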
UBUNTU-CVE-2022-0520
Use After Free in NPM radare2.js prior to 5.6.2...
Denial of Service (DoS)
Overview: fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen. Affected versions of this package are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause V8 to attempt reading from...
CVE-2021-46507
Jsish v3.5.0 was discovered to contain a stack overflow via JsiLogMsg at src/jsiUtils.c...
Fedora: Security Advisory for js-jquery-ui (FEDORA-2021-ab38307fc3)
The remote host is missing an update for the js-jquery-ui package(s) announced via the FEDORA-2021-ab38307fc3 advisory. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 34 Update: js-jquery-ui-1.13.0-1.fc34
A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library...
CISA warns of trojanized versions of JavaScript library’s NPM package
By Deeba Ahmed. The warning comes days after three rogue packages, okhsa, klow, and klown, discovered by DevSecOps firm Sonatype, were removed from the NPM repository. This is a post from HackRead.com. Read the original post: CISA warns of trojanized versions of JavaScript library's NPM package...
Cross-Site Request Forgery (CSRF)
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the...
CVE-2021-32738
js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...
CVE-2021-32738
CVE-2021-32738 affects the js-stellar-sdk library used to interact with Stellar Horizon. The vulnerability lies in Utils.readChallengeTx, which, before version 8.2.3, did not verify that the server signature was present on the challenge transaction; however, signature verification via Utils.verif...
jQuery Detection (Linux/Unix SSH Login)
SSH login-based detection of jQuery. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it...
Debian DSA-4917-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2021-30506 @retsew0x01 discovered an error in the Web App installation interface. - CVE-2021-30507 Alison Huffman discovered an error in the Offline mode. - CVE-2021-30508 Leecraso and Guang Gong discovered a buffer...
CVE-2021-29489
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
Debian DSA-4886-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2021-21159 Khalil Zhani discovered a buffer overflow issue in the tab implementation. - CVE-2021-21160 Marcin Noga discovered a buffer overflow issue in WebAudio. - CVE-2021-21161 Khalil Zhani discovered a buffer...