67 matches found
@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +25 more potentially affected by CVE-2025-30208 via vite (>=6.0.0 <=6.0.11)
vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =19.1.5, =5.0.0-alpha.37, =19.1.0, =19.1.0, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.3.0-dev.12 and more Source cves: CVE-2025-30208 Source advisory:...
GHSA-7M27-7GHC-44W9 Next.js Allows a Denial of Service (DoS) with Server Actions
Impact: A Denial of Service (DoS) attack allows attackers to construct requests that leave requests to Server Actions hanging until the hosting provider cancels the function execution. Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low...
Mozilla: Netlify Authentication Token Exposed in Public Mozilla CI Logs
A critical vulnerability was discovered involving the exposure of a Netlify authentication token within publicly accessible logs. The token provided full access to the "Mozilla IT Web SRE" Netlify account, bypassing all restrictions. The token's permissions encompassed roles such as Owner,...
GO-2022-0365 User object created with invalid provider data in GoTrue in github.com/netlify/gotrue
User object created with invalid provider data in GoTrue in github.com/netlify/gotrue...
CVE-2023-38904
A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function...
PT-2023-26677 · Netlify · Netlify Cms
Name of the Vulnerable Software and Affected Versions: Netlify CMS version 2.10.192 Description: A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function. Recommendations: For Netlify CMS version...
Netlify CMS Cross-Site Scripting Vulnerability
Netlify CMS is a website builder system from the American company Netlify. A security vulnerability exists in Netlify CMS version v.2.10.192. An attacker can exploit this vulnerability to execute arbitrary code via the payload of the body parameter of a specially crafted post function...
CVE-2023-38904
CVE-2023-38904 describes an XSS in Netlify CMS v2.10.192 where a crafted payload in the body parameter of the new post function allows a remote attacker to execute arbitrary code. The issue is documented across multiple sources (NVD, Red Hat, OSV, CNNVD, CVE listing, etc.). Affected component is ...
Malicious code in foxy.io-serverless-functions-on-netlify-demo (npm)
Source: ghsa-malware 31fcc1352ebaac1135e5fad045763c61fc9666c1968dbd91fe87951dd50882ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://decapcms.org/docs/intro/ Software Link: https://github.com/decaporg/decap-cms Version: 2.10.192 Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write...
Netlify CMS 2.10.192 Cross Site Scripting
Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://decapcms.org/docs/intro/ Software Link: https://github.com/decaporg/decap-cms Version: 2.10.192 Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write...
Netlify CMS 2.10.192 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://decapcms.org/docs/intro/ Software Link: https://github.com/decaporg/decap-cms Version: 2.10.192 Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write...
Cross-site Scripting (XSS)
@netlify/ipx is vulnerable to cross-site scripting. The vulnerability exists in the createIPXHandler function in index.ts due to improper host validation, which allows an attacker to inject and execute malicious JavaScript via cache poisoning...
CVE-2022-39239
netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this...
Design/Logic Flaw
netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this...