195 matches found
CVE-2021-23416
CVE-2021-23416: Cross-site Scripting in curly-bracket-parser affects all versions when used as a template library due to improper sanitization of user input. The vulnerability enables injection of malicious scripts through template processing. Public advisories (GHSA/OSV) corroborate XSS across ...
CVE-2021-23416
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input...
rvm-windows (>=0.0.1 <=1.0.4), simpartic (>=0.1.4 <=0.8.8) +1 more potentially affected by CVE-2021-23416 via curly-bracket-parser (=1.3.5)
curly-bracket-parser NPM version =1.3.5 is affected by a known vulnerability. The following packages have a transitive dependency on curly-bracket-parser and may be impacted: - rvm-windows =0.0.1, =0.1.4, =0.3.0, =0.9.53 Source cves: CVE-2021-23416 Source advisory: SNYK:JS-CURLYBRACKETPARSER-1297...
Cross-site Scripting (XSS)
Overview: curly-bracket-parser is a Simple parser to replace variables inside templates/strings and files. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). When used as a template library, it does not properly sanitize the user input. PoC: const express = require('expres...
Unable to type the left bracket "[" in published desktop via Workspace app for HTML5
Users cannot type left square bracket "[" in published desktop. Accessing published desktop via Workspace app for HTML5 through Mozilla Firefox...
@27works/posto (=2.0.2), jstransformer-bracket-template (=0.0.1) +1 more potentially affected by unknown CVE via bracket-template (=1.1.5)
bracket-template NPM version =1.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on bracket-template and may be impacted: - @27works/posto =2.0.2 - jstransformer-bracket-template =0.0.1 - roo-bid =0.0.5, =0.0.7 Source cves: unknown CVE Source advisory:...
Cross-Site Scripting in bracket-template
All versions of bracket-template are vulnerable to stored cross-site scripting (XSS). This is exploitable when a variable passed in via a GET parameter is used in a template. Recommendation: No fix is currently available for this vulnerability. It is our recommendation to not install or use this...
GHSA-JJ6G-7J8P-7GF2 Cross-Site Scripting in bracket-template
All versions of bracket-template are vulnerable to stored cross-site scripting (XSS). This is exploitable when a variable passed in via a GET parameter is used in a template. Recommendation: No fix is currently available for this vulnerability. It is our recommendation to not install or use this...
pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression...
@27works/posto (=2.0.2), jstransformer-bracket-template (=0.0.1) +1 more potentially affected by CVE-2018-3735 via bracket-template (=1.1.5)
bracket-template NPM version =1.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on bracket-template and may be impacted: - @27works/posto =2.0.2 - jstransformer-bracket-template =0.0.1 - roo-bid =0.0.5, =0.0.7 Source cves: CVE-2018-3735 Source advisor...
GHSA-488M-6GH8-9J36 bracket-template vulnerable to reflected XSS
bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template...
Bracket-template Cross-Site Scripting Vulnerability
bracket-template is a JavaScript template library for modern browsers. A cross-site scripting vulnerability exists in bracket-template. This vulnerability can be exploited by a remote attacker to inject malicious code via GET parameters...
CVE-2018-3735
bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template...
PT-2018-16159 · Bracket · Bracket-Template
Name of the Vulnerable Software and Affected Versions: bracket-template (affected versions not specified). Description: The issue is related to reflected XSS, which can occur when a variable passed via a GET parameter is used in a template. Recommendations: At the moment, there is no information abo...
Cross-Site Scripting
Overview: All versions of bracket-template are vulnerable to stored cross-site scripting (XSS). This is exploitable when a variable passed in via a GET parameter is used in a template. Recommendation: No fix is currently available for this vulnerability. It is our recommendation to not install or use...
Haxx curl and libcurl denial of service vulnerabilities
Haxx curl and libcurl are both products of the Swedish company Haxx. curl is a set of file transfer tools that utilize URL syntax to work at the command line. libcurl is a free, open source client-side URL transfer library. A denial of service vulnerability exists in the FTP wildcard function in...
DEBIAN-CVE-2017-8817
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character...
CVE-2017-8817
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character...
OpenJDK: incorrect bracket processing in function signature handling (Hotspot, 8170966)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...