PT-2023-15234 · Ghost Foundation · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost Foundation Ghost version 5.9.4. Description: An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to...
PT-2023-15235 · Ghost Foundation · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost Foundation Ghost version 5.9.4. Description: An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to...
PT-2023-15233 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost version 5.9.4. Description: An insecure default issue exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to administrator via XSS. An...
Ghost Foundation Ghost Security Vulnerability
Ghost Foundation Ghost is an open source personal blogging system written in JavaScript. A security vulnerability exists in Ghost Foundation Ghost 5.9.4, which stems from an insecure default in the post creation feature. The default installation ...
PT-2023-15236 · Ghost Foundation · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost Foundation Ghost version 5.9.4. Description: An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to...
LISTSERV 17 Cross Site Scripting Vulnerability
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting (XSS); Exploit Author: Shaunt D; Vendor Homepage: https://www.lsoft.com/; Version: 17; Tested on: Windows Server 2019; CVE: CVE-2022-39195. A reflected cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote...
CVE-2022-39195
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter...
Cross-Site Scripting (XSS)
@mattkrick/sanitize-svg is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to improper sanitization of user inputs in the deny-list-pattern which allows an attacker to inject and execute arbitrary JavaScript...
L-Soft LISTSERV Cross-Site Scripting Vulnerability
L-Soft LISTSERV is a suite of e-mail list management software from L-Soft. A cross-site scripting (XSS) vulnerability exists in the web interface of LISTSERV version 17. An attacker can exploit this vulnerability to inject arbitrary JavaScript ...
CVE-2023-22491
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
Design/Logic Flaw
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
UBUNTU-CVE-2023-22491
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
CVE-2023-22491
The CVE-2023-22491 entry concerns the Gatsby gatsby-transformer-remark plugin, affected in versions prior to 5.25.1 and 6.3.2. The vulnerability arises when the plugin passes input to gray-matter in data mode, allowing JavaScript injection in its default configuration if input is not sanitized; i...
GHSA-7CH4-RR99-CQCW gatsby-transformer-remark has possible unsanitized JavaScript code injection
Impact: The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when...
Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks
A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically...
Cross-Site Scripting (XSS)
node-json2html is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the apply function in json2html.js for the text attribute, which allows an attacker to inject and execute arbitrary JavaScript...