
18 matches found

CVE
added 2025/09/17 12:0 a.m., 15 views

CVE-2025-56648

CVE-2025-56648 affects npm parcel 2.0.0-alpha and earlier, with an Origin Validation Error. The vulnerability allows a malicious site to send XMLHTTPRequests to the development server and read the response, potentially stealing source code when developers visit the site. The CVSSv3.1 base score i...

CVSS 6.5, AI score 6.8, EPSS 0.00013
Exploits: 1, References: 4, Affected Software: 1

Prion
added 2023/08/14 9:15 p.m., 8 views

Cross site scripting

SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivial...

CVSS 4.9, AI score 5.2, EPSS 0.00159
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/08/14 8:10 p.m., 14 views

CVE-2023-40013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in external-svg-loader

SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivial...

CVSS 7.1, AI score 5.8, EPSS 0.00159
Exploits: 0, References: 6

Packet Storm
added 2023/04/03 12:0 a.m., 220 views

perfSONAR 4.4.5 Cross Site Request Forgery

Exploit Title: perfSONAR v4.4.5 - Partial Blind CSRF Link: https://github.com/perfsonar/ Affected Versions: v4.x = v4.4.5 Vulnerability Type: Partial Blind CSRF Discovered by: Ryan Moore CVE: CVE-2022-41413 Summary A partial blind CSRF vulnerability exists in perfSONAR v4.x = v4.4.5 within the...

CVSS 4.3, AI score 5.1, EPSS 0.01516
Exploits: 4

0day.today
added 2023/04/02 12:0 a.m., 172 views

perfSONAR v4.4.5 - Partial Blind CSRF Vulnerability

Exploit Title: perfSONAR v4.4.5 - Partial Blind CSRF Link: https://github.com/perfsonar/ Affected Versions: v4.x = v4.4.5 Vulnerability Type: Partial Blind CSRF Discovered by: Ryan Moore CVE: CVE-2022-41413 Summary A partial blind CSRF vulnerability exists in perfSONAR v4.x = v4.4.5 within the...

CVSS 4.3, AI score 5.1, EPSS 0.01516
Exploits: 4

Exploit DB
added 2023/04/01 12:0 a.m., 166 views

perfSONAR v4.4.5 - Partial Blind CSRF

Exploit Title: perfSONAR v4.4.5 - Partial Blind CSRF Link: https://github.com/perfsonar/ Affected Versions: v4.x = v4.4.5 Vulnerability Type: Partial Blind CSRF Discovered by: Ryan Moore CVE: CVE-2022-41413 Summary A partial blind CSRF vulnerability exists in perfSONAR v4.x = v4.4.5 within the...

CVSS 4.3, AI score 5.1, EPSS 0.01516
Exploits: 4

OpenVAS
added 2022/08/26 12:0 a.m., 8 views

Ubuntu: Security Advisory (USN-871-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0, References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m., 27 views

openSUSE Security Update : libqt4 (openSUSE-SU-2013:0154-1)

libqt4 received a fix for a security issue : - avoid redirect to file url scheme in XMLHttpRequests bnc793194, CVE-2012-5624 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-11. T...

CVSS 4.3, AI score 5.3, EPSS 0.01869
Exploits: 0, References: 3

securityvulns
added 2014/05/05 12:0 a.m., 54 views

[CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12

============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-2035 Risk Level: Medium CVSSv2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Solution...

CVSS 4.3, AI score 0.1, EPSS 0.00359
Exploits: 3

Packet Storm
added 2014/02/22 12:0 a.m., 29 views

InterWorx Web Control Panel Cross Site Scripting

============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-2035 Risk Level: Medium CVSSv2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Solution...

CVSS 4.3, EPSS 0.00359
Exploits: 3

Tenable Nessus
added 2010/01/26 12:0 a.m., 37 views

Google Chrome < 4.0.249.78 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 4.0.249.78. Such versions are reportedly affected by multiple vulnerabilities : - A pop-up blocker bypass. Issue 3275 - Cross-domain theft due to CSS design error. Issue 9877 - Browser memory error with stale pop-up block...

CVSS 9.3, AI score 5.9, EPSS 0.13859
Exploits: 2, References: 14

Tenable Nessus
added 2010/01/26 12:0 a.m., 19 views

Google Chrome < 4.0.249.78 Multiple Vulnerabilities

Binary data 5328.pasl...

CVSS 2.6, AI score 7.3, EPSS 0.01571
Exploits: 1, References: 2

Ubuntu
added 2009/12/11 2:51 a.m., 48 views

USN-871-2: KDE 4 vulnerabilities

USN-871-1 fixed vulnerabilities in KDE. This update provides the corresponding updates for KDE 4. This update also fixes a directory traversal flaw in KDE when processing help:// URLs. This issue only affected Ubuntu 8.10. Original advisory details: It was discovered that the KDE libraries could...

AI score 5.5
Exploits: 0, References: 1

Ubuntu
added 2009/12/11 12:46 a.m., 57 views

USN-871-1: KDE vulnerabilities

A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service via application crash or possibly execute arbitrary code wi...

CVSS 6.8, AI score 7.4, EPSS 0.4176
Exploits: 43

Tenable Nessus
added 2009/12/11 12:0 a.m., 23 views

Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : kdelibs vulnerabilities (USN-871-1)

A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service via application crash or possibly execute arbitrary code wi...

CVSS 6.8, AI score 7.6, EPSS 0.4176
Exploits: 43, References: 2

Tenable Nessus
added 2009/11/03 12:0 a.m., 8 views

FreeBSD : KDE -- multiple vulnerabilities (6f358f5a-c7ea-11de-a9f3-0030843d3802)

oCERT reports : Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves...

AI score 5.7
Exploits: 0, References: 2

FreeBSD
added 2009/10/30 12:0 a.m., 20 views

KDE -- multiple vulnerabilities

oCERT reports: Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves inp...

AI score 0.3
Exploits: 0, References: 1

securityvulns
added 2009/10/28 12:0 a.m., 39 views

[oCERT-2009-015] KDE multiple issues

2009-015 KDE multiple issues Description: KDE, an open source desktop environment, suffers from several bugs that pose a security risk. The oCERT team was contacted by Portcullis Security requesting help in handling a series of issues reported to the KDE project back in July 2007. Because of an...

AI score 0.3
Exploits: 0