PhantomJS Arbitrary File Read

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

GHSA-X43G-GJ9X-838X PhantomJS Arbitrary File Read

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs

Overview casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function. PoC js var payload = JSON.parse'"proto": "a": "pwned"'; mergeObjects, payload; console.log.a; //...

GHSA-J9PJ-HX76-92V6 Server-Side Request Forgery in phantomjs-seo

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack...

Server-Side Request Forgery in phantomjs-seo

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack...

CVE-2021-29475

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...

Code injection

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...

CVE-2021-29475 PDF export allows arbitrary file reads

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...

CVE-2021-29475

CVE-2021-29475 affects HedgeDoc (formerly CodiMD). The vulnerability allows an attacker who can modify a note to cause the system to export the note to PDF in a way that reads arbitrary files from the server’s filesystem (including config.json and other sensitive data) via file:/// references use...

Server-side Request Forgery (SSRF)

phantomjs-seo is vulnerable to server-side request forgery SSRF. An attacker is able to submit requests on behalf of the PhantomJS instance...

CVE-2020-7739

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack...

CVE-2020-7739

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack...

Server side request forgery (ssrf)

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack...

CVE-2020-7739

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack...

UBUNTU-CVE-2020-7739

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack...

CVE-2020-7739 Server-side Request Forgery (SSRF)

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack...

CVE-2020-7739

CVE-2020-7739 affects all versions of phantomjs-seo. The vulnerability allows an attacker to craft a URL that is passed to a PhantomJS instance, enabling Server-Side Request Forgery (SSRF). The connected sources (OSV, GHSA, NVD, UBUNTU-CVE, Veracode, etc.) consistently describe an SSRF condition ...

Server-side Request Forgery (SSRF)

Overview phantomjs-seo is an express middleware for prerendering pages with phantomjs for search engine crawling Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing...

openSUSE Security Update : grafana / grafana-piechart-panel / grafana-status-panel (openSUSE-2020-892)

This update for grafana, grafana-piechart-panel, grafana-status-panel fixes the following issues : grafana was updated to version 7.0.3 : - Features / Enhancements - Stats: include all fields. 24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. 25217, @hshoff - B...

Cross-site Scripting (XSS)

svg2png is vulnerable to cross-site scripting XSS. The attack exists because it renders XML snippet using phantomjs directly into an image without sanitizing it, allowing an attacker to inject arbitrary script inside SVG document...