3 matches found
Malicious code in polipoli-pak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8693677ff1f1f887c11d3b4f6ad3f1742c7eefd07b6b8cfabd6cfccc32bc48f On npm install, postinstall.js runs automatically and performs two unauthorized actions against the installer. First, it POSTs a JSON fingerprint of...
CVE-2020-37237
Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...
Composr CMS Cross-Site Scripting Vulnerability
Ocproducts Composr CMS is an open source content management system CMS written in PHP by ocProducts UK. Composr CMS 10.0.34 suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to insert arbitrary web script or HTML by adding a banner to the description fie...