64 matches found
GHSA-JFRQ-HJ9F-C8QX CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...
CVE-2026-26861
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...
CVE-2022-0767
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17...
EUVD-2017-8223
Malware in sbrugna...
EUVD-2007-1623
Malware in sbrugna...
EUVD-2009-4403
Malware in sbrugna...
EUVD-2024-33580
Malicious code in bioql PyPI...
Geovision GV-ASWeb Code Injection Vulnerability
Geovision GV-ASWeb is a Web-based software from Geovision China for remote access and configuration of GV-ASManager's database. A code injection vulnerability exists in Geovision GV-ASWeb, which can be exploited by an attacker to execute arbitrary commands on the system...
CVE-2024-10244
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6...
Geovision GV-ASWeb Security Vulnerability
Geovision GV-ASWeb is a web-based software from Geovision China that is used to remotely access and configure the GV-ASManager's database. A security vulnerability exists in Geovision GV-ASWeb version 6.1.1.0 and earlier, which stems from a cross-site request forgery (CSRF) in the account managemen...
CVE-2024-10244 SQLi in ISDO Software's Web Software
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6...
CVE-2024-10244
CVE-2024-10244 affects ISDO Software Web Software. The issue is an SQL Injection caused by improper neutralization of special elements in the web app, exploitable remotely (NETWORK) with no user interaction. Affected versions are Web Software prior to 3.6. Impact per metrics is high/critical (C/H...
ISDO Software Web Software SQL Injection Vulnerability
ISDO Software Web Software is an application from ISDO Software. A SQL injection vulnerability exists in ISDO Software Web Software versions prior to 3.6, which stems from improper neutralization of special elements...
SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited from TinyMCE
More info at https://www.silverstripe.org/download/security-releases/SS-2023-002...
CodeIgniter CMS 4.2.0 SQL Injection
Exploit Title: CodeIgniter CMS Version 4.2.0 Sql Injection Vulnerability. Exploit Author: E1.Coders. Vendor Homepage: https://www.codeigniter.com/. Google Dork ONE: searchResult/?title=. Google Dork Two: Job/searchResult/?title=. Date: 15 / 05 ...
JVN#68244135: rNote vulnerable to cross-site scripting
rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user who is accessing a website that uses rNote. Solution: Consider stop using rNote 0.9.7.5 Since the...
SUSE-SU-2020:2198-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 bsc1174662: + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925...