10 matches found
CVE-2022-0372
Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...
EUVD-2022-0489
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
bytefury/crater is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary code in the victim's browser via a crafted .SVG file with JavaScript embedded in it...
CVE-2022-0372
Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...
Cross site scripting
Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...
CVE-2022-0372
CVE-2022-0372 is a stored XSS vulnerability in the Crater package (bytefury/crater) prior to version 6.0.2. The issue is triggered when stored XSS content is rendered, allowing injected script to run in victims’ browsers. Affected software is Crater Invoice, specifically the bytefury/crater package before 6.0...
CVE-2022-0372 Cross-site Scripting (XSS) - Stored in crater-invoice/crater
Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...
CVE-2022-0372 Cross-site Scripting (XSS) - Stored in crater-invoice/crater
Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...
Pimcore cross-site scripting vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates applications for web content management, e-commerce frameworks and product information management. A security vulnerability exists in pimcore...
Cross-site Scripting (XSS) - Stored in bytefury/crater
✍️ Description Stored xss using customer billing address 🕵️♂️ Proof of Concept 1. First go to the demo app https://demo.craterapp.com/admin/customers/create and create a customer. During creation put the below xss payload in the billing address field and save it. Now see xss is executed payload -- xss"'...