12 matches found

EUVD
added 2025/12/06 4:23 p.m. · 2 views

EUVD-2025-201555

Malicious code in ssf-desktop-api-browser npm...

6.6 AI score
Exploits: 0

Veracode
added 2025/05/13 5:12 p.m. · 16 views

Cross-site Scripting (XSS)

org.graylog2:graylog2-server is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization due to improper handling of uploaded files that allows execution of arbitrary JavaScript in the frontend when accessed via the API browser...

6.8 AI score
Exploits: 0

Github Security Blog
added 2025/05/07 3:27 p.m. · 21 views

Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser

Impact: Two minor vulnerabilities were identified in the Graylog2 enterprise server, which can be combined to carry out a stored cross-site scripting attack. An attacker with the permission FILESCREATE can exploit these vulnerabilities to upload arbitrary JavaScript code to the Graylog2 server,...

6.7 AI score
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/05/07 3:27 p.m. · 3 views

GHSA-Q9Q2-3PPX-MWQF Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser

Impact: Two minor vulnerabilities were identified in the Graylog2 enterprise server, which can be combined to carry out a stored cross-site scripting attack. An attacker with the permission FILESCREATE can exploit these vulnerabilities to upload arbitrary JavaScript code to the Graylog2 server,...

7.3 CVSS, 6.7 AI score
Exploits: 0, References: 2

OSV
added 2023/11/27 11:30 p.m. · 27 views

GHSA-4233-7Q5Q-M7P6 google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability

Summary: A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local...

3.7 CVSS, 4 AI score, 0.00063 EPSS
Exploits: 1, References: 4

Github Security Blog
added 2023/11/27 11:30 p.m. · 21 views

google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability

Summary: A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local...

3.7 CVSS, 7 AI score, 0.00063 EPSS
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2023/11/27 6:37 a.m. · 17 views

Server Side Request Forgery

google-translate-api-browser is vulnerable to Server Side Request Forgery. The vulnerability is due to improper sanitization of the translateOptions.tld field in the Google translate URL. If an application utilizing the package exposes the translateOptions to the end user, an attacker can set a...

3.7 CVSS, 6.5 AI score, 0.00063 EPSS
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2023/11/24 5:15 p.m. · 17 views

Server side request forgery (ssrf)

google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...

2.6 CVSS, 6.8 AI score, 0.00063 EPSS
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2023/11/24 5:6 p.m. · 30 views

CVE-2023-48711

CVE-2023-48711 corresponds to a Server-Side Request Forgery (SSRF) in google-translate-api-browser. The vulnerability arises when applications expose translateOptions to end users; the translateOptions.tld field is not properly sanitized before embedding in the Google Translate URL, enabling an a...

3.7 CVSS, 3.8 AI score, 0.00063 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2023/11/24 5:6 p.m. · 11 views

CVE-2023-48711 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser

google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...

3.7 CVSS, 4.3 AI score, 0.00063 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2023/05/03 12:0 a.m. · 1 views

PT-2023-20332 · Opentsdb · Opentsdb

Name of the Vulnerable Software and Affected Versions: OpenTSDB (affected versions not specified). Description: The issue is caused by insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint. This allows an attacker to inject and execut...

8.2 CVSS, 6.1 AI score, 0.00574 EPSS
Exploits: 0, References: 7

Palo Alto Networks
added 2013/07/22 7:0 a.m. · 19 views

Cross-site Scripting Vulnerability

A cross-site scripting vulnerability exists in the web-based device management API browser whereby data provided by the user is echoed back to the user without sanitization. (Ref 50908) This issue affects the management interface of the device where the API browser is exposed. This issue affects...

2.7 AI score, 0.00638 EPSS
Exploits: 0, References: 1, Affected Software: 1