
125 matches found

Github Security Blog
added 2020/09/03 2:34 a.m., 34 views

Malicious Package in vue-backbone

Version 0.1.2 of vue-backbone contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate...

4.3 AI score
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2020/09/03 2:34 a.m., 13 views

GHSA-5635-9MVJ-R6HP Malicious Package in vue-backbone

Version 0.1.2 of vue-backbone contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 1

RedHat Linux
added 2019/10/24 9:18 a.m., 121 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 1.3.0 release and security update

Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8 CVSS, 7.4 AI score, 0.45205 EPSS
Exploits: 5, References: 13

Veracode
added 2019/06/10 3:55 a.m., 10 views

Malicious Package

vue-backbone contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

6.9 AI score
Exploits: 0

Node.js
added 2019/06/07 7:32 p.m., 17 views

Malicious Package

Overview: Version 0.1.2 of vue-backbone contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and...

7 AI score
Exploits: 0, Affected Software: 1

vulnersOsv
added 2019/02/18 11:39 p.m., 5 views

backbone-couch (>=0.4.0 <=0.5.4), backbone-stash (=0.0.4) +3 more potentially affected by CVE-2016-10537 via backbone (=0.3.3)

backbone NPM version =0.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on backbone and may be impacted: - backbone-couch =0.4.0, =1.1.0, =0.4.0, =0.1.0, =1.0.0 Source cves: CVE-2016-10537 Source advisory: OSV:GHSA-J6P2-CX3W-6JCP...

5.4 CVSS, 6.4 AI score, 0.00686 EPSS
Exploits: 0

OSV
added 2019/02/18 11:39 p.m., 23 views

GHSA-J6P2-CX3W-6JCP Cross-Site Scripting in backbone

Affected versions of backbone are vulnerable to cross-site scripting when users are allowed to supply input to the ModelEscape function, and the output is then written to the DOM. The vulnerability occurs as a result of the regular expression used to encode metacharacters failing to take HTML...

5.4 CVSS, 5.5 AI score, 0.00686 EPSS
Exploits: 0, References: 7

Github Security Blog
added 2019/02/18 11:39 p.m., 32 views

Cross-Site Scripting in backbone

Affected versions of backbone are vulnerable to cross-site scripting when users are allowed to supply input to the ModelEscape function, and the output is then written to the DOM. The vulnerability occurs as a result of the regular expression used to encode metacharacters failing to take HTML...

5.4 CVSS, 2.1 AI score, 0.00686 EPSS
Exploits: 0, References: 7, Affected Software: 1

NVD
added 2018/05/31 8:29 p.m., 21 views

CVE-2016-10537

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the ModelEscape function of backbone 0.3.3 and earlier, if a user is...

5.4 CVSS, 5.2 AI score, 0.00686 EPSS
Exploits: 0, References: 2

OSV
added 2018/05/31 8:29 p.m., 2 views

DEBIAN-CVE-2016-10537

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the ModelEscape function of backbone 0.3.3 and earlier, if a user is...

5.4 CVSS, 5.4 AI score, 0.00686 EPSS
Exploits: 0, References: 1

OSV
added 2018/05/31 8:29 p.m., 26 views

CVE-2016-10537

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the ModelEscape function of backbone 0.3.3 and earlier, if a user is...

5.4 CVSS, 5.6 AI score
Exploits: 0, References: 2

UbuntuCve
added 2018/05/31 8:29 p.m., 26 views

CVE-2016-10537

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the ModelEscape function of backbone 0.3.3 and earlier, if a user is...

5.4 CVSS, 6.5 AI score, 0.00686 EPSS
Exploits: 0, References: 3

Prion
added 2018/05/31 8:29 p.m., 23 views

Cross site scripting

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the ModelEscape function of backbone 0.3.3 and earlier, if a user is...

3.5 CVSS, 6.3 AI score, 0.00686 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2018/05/31 8:0 p.m., 71 views

CVE-2016-10537

The CVE-2016-10537 entry concerns the Backbone.js backbone module (v0.3.3 and earlier) vulnerable to cross-site scripting via the Model#Escape function. The root cause is a regex that fails to encode HTML metacharacters (e.g.,

5.4 CVSS, 5.4 AI score, 0.00686 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/05/31 8:0 p.m., 25 views

CVE-2016-10537

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the ModelEscape function of backbone 0.3.3 and earlier, if a user is...

5.2 AI score, 0.00686 EPSS
Exploits: 0, References: 2

Debian CVE
added 2018/05/31 8:0 p.m., 34 views

CVE-2016-10537

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the ModelEscape function of backbone 0.3.3 and earlier, if a user is...

5.4 CVSS, 6.1 AI score, 0.00686 EPSS
Exploits: 0

ATTACKERKB
added 2018/04/10 3:29 p.m., 2 views

CVE-2014-2073

Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5BackboneBus."...

9.8 CVSS, 6.4 AI score, 0.04902 EPSS
Exploits: 1, References: 2

NVD
added 2016/07/21 10:15 a.m., 23 views

CVE-2016-5475

Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install...

8 CVSS, 6.2 AI score, 0.02422 EPSS
Exploits: 0, References: 4

OSV
added 2016/07/21 10:15 a.m., 3 views

CVE-2016-5475

Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install...

7.6 CVSS, 5.8 AI score, 0.02422 EPSS
Exploits: 0, References: 4

OSV
added 2016/07/21 10:15 a.m., 2 views

CVE-2016-5474

Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel...

8.8 CVSS, 5.8 AI score, 0.04199 EPSS
Exploits: 0, References: 4