158 matches found
CVE-2018-1000543
CVE-2018-1000543 affects Akiee version 0.0.3. The vulnerability is a cross-site scripting flaw in the Details of a task, caused by an unvalidated node integration context that can lead to arbitrary code execution. Multiple sources (CNVD-2018-12808, NVD entry) describe exploitation via a crafted m...
Simple bug could lead to RCE flaw on apps built with Electron Framework
A critical remote code execution vulnerability has been discovered in the popular Electron web application framework that could allow attackers to execute malicious code on victims' computers. Electron is an open source app development framework that powers thousands of widely-used desktop...
GHSA-8XWG-WV7V-4VQP Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
A vulnerability has been discovered which allows Node.js integration to be re-enabled in some Electron applications that disable it. For the application to be impacted by this vulnerability it must meet all of these conditions - Runs on Electron 1.7, 1.8, or a 2.0.0-beta - Allows execution of...
CVE-2018-1000136
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node...
CVE-2018-1000136
CVE-2018-1000136 concerns the Electron framework where Webviews mishandle values, enabling potential remote code execution. Affected are Electron versions: 1.7.x up to 1.7.12, 1.8.x up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3. The issue appears when an application allows execution of third‑party co...
Cross-site Scripting (XSS)
shiba is vulnerable to cross-site scripting XSS attacks. These attacks are possible due to the enabled node integration...
Design/Logic Flaw
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...
Design/Logic Flaw
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...
CVE-2017-1000492
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...
CVE-2017-1000492
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...
CVE-2017-1000491
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...
CVE-2017-1000491
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...
CVE-2017-1000492
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...
CVE-2017-1000491
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...
CVE-2017-1000492
CVE-2017-1000492 affects Leanote-desktop v2.5. The vulnerability is a cross-site scripting (XSS) flaw caused by enabled Node integration, which can lead to code execution. Multiple sources (NVD and Red Hat, OSV, CNVD, etc.) corroborate the issue. CVSS details: CVSS2 base 4.3 (I:P) and CVSS3 base ...
CVE-2017-1000491
CVE-2017-1000491 affects the Shiba markdown live preview app, version 1.1.0, with a cross-site scripting (XSS) vulnerability that can lead to code execution. The root cause is enabled Node.js integration in the app environment. Exploit specifics, affected platforms, and remediation are not provid...
GitHub Electron nodeIntegration Bypass Vulnerability
GitHub Electron is an open source framework for building desktop applications using HTML, CSS and JavaScript. A bypass vulnerability exists in GitHub Electron nodeIntegration. Allows an attacker to perform remote command execution...
CVE-2017-12581
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy SOP is a precondition; however, recent Electron versions do...