18 matches found
EUVD-2021-28081
Malicious code in bioql PyPI...
CVE-2021-40927
Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter...
WordPress Alfred Easy Shipping plugin <= 1.0.5 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Alfred Easy Shipping versions <= 1.0.5...
WordPress Alfred Easy Shipping Plugin <= 1.0.5 is vulnerable to Backdoor
Software: Alfred Easy Shipping; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: N/A; Patch priority: Low; CVSS severity: Low (5.3); PSID: c071f3d22627; Credits: Sansec.io; Required privilege: Unauthenticated; Published: 3 July,...
alfred-schmidt.com Improper Access Control vulnerability OBB-2425857
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ethos.alfredstate.edu Cross Site Scripting vulnerability OBB-2277949
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-40927
Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter...
CVE-2021-40927
Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter...
CVE-2021-40927
Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter...
CVE-2021-40927
CVE-2021-40927 is an XSS vulnerability in the Spotify-for-Alfred project (callback.php) affecting version 0.13.9 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the error parameter. According to NVD metrics, the exploitability is network-based with medium ...
Spotify-for-Alfred cross-site scripting vulnerability
Spotify-For-Alfred Spotifious is an open source licensed streaming music service platform by Ben Stolovitz, an individual developer. A cross-site scripting vulnerability exists in Spotify-for-Alfred versions 0.13.9 and below, which allows remote attackers to inject arbitrary web script or HTML vi...
alfred-material-manager (>=1.0.0 <=1.0.5) potentially affected by unknown CVE via alfred-workflow-nodejs (=2.0.4)
alfred-workflow-nodejs NPM version =2.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on alfred-workflow-nodejs and may be impacted: - alfred-material-manager >=1.0.0, <=1.0.5. Source CVEs: unknown CVE. Source advisory: SNYK:JS-ALFREDWORKFLOWNODEJS-608975...
Command Injection
Overview: alfred-workflow-nodejs is an Alfred workflow nodejs module. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the key values. PoC: var AlfredNode = require('alfred-workflow-nodejs'); var util...
alfred-sauter.de XSS vulnerability
Open Bug Bounty ID: OBB-700662; Affected Website: alfred-sauter.de; Vulnerable Application: hidden until disclosure; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: hidden...
mcal.alfredstate.edu XSS vulnerability
Open Bug Bounty ID: OBB-628435; Affected Website: mcal.alfredstate.edu; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
holidayweb.co.za XSS vulnerability
Vulnerable URL:...
Home Security Camera - Alfred - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Home Security Camera - Alfred published at the 'play' market has multiple vulnerabilities...