14 matches found
EUVD-2024-51927
Malicious code in bioql PyPI...
EUVD-2024-51928
Malicious code in bioql PyPI...
SUSE CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2024-53273
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in RegisterLoginReset.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious...
CVE-2024-53272
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The login and social media function in RegisterLoginReset.vue contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify...
Habitica cross-site scripting vulnerability
Habitica is an open-source habit-building program from HabitRPG. Habitica versions prior to 5.28.5 contain a cross-site scripting vulnerability that stems from an incorrect sanitization function and allows reflected cross-site scripting attacks...
Habitica cross-site scripting vulnerability
Habitica is an open-source habit-building program from HabitRPG. Habitica versions prior to 5.28.5 contain a cross-site scripting vulnerability that stems from an incorrect sanitization function and allows reflected cross-site scripting attacks...
CVE-2024-53274 GHSL-2024-111: Reflected XSS in /home in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...
CVE-2024-53274 GHSL-2024-111: Reflected XSS in /home in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...
CVE-2024-53273 GHSL-2024-110: Reflected XSS in /register in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in RegisterLoginReset.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious...
CVE-2024-53273
Habitica (open‑source app) has a reflected XSS in the /register path prior to version 5.28.5. The vulnerability arises from an incorrect sanitization in the RegisterLoginReset.vue component, allowing a malicious redirectTo parameter to trigger the attack and potentially gain control of a victim’s...
CVE-2024-53272
Habitica (open-source habit tracker) is affected by a reflected XSS in versions before 5.28.5. The vulnerability occurs in the login and social media flows handled by RegisterLoginReset.vue, caused by an improper sanitization function. An attacker can craft a malicious redirectTo parameter in a l...
CVE-2024-53272 GHSL-2024-109: Reflected XSS in /login in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The login and social media function in RegisterLoginReset.vue contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify...
CVE-2024-53272 GHSL-2024-109: Reflected XSS in /login in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The login and social media function in RegisterLoginReset.vue contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify...