5 matches found
Open Redirect
Overview: org.webjars.npm:nitropack is a Build and Deploy Universal JavaScript Servers. Affected versions of this package are vulnerable to Open Redirect via the routeRules function. An attacker can redirect users to arbitrary external sites by crafting URLs with double slashes after the route...
EUVD-2023-34928
Malicious code in bioql PyPI...
BIT-DISCOURSE-2023-30538 Stored Cross-site Scripting via improper sanitization of svg files in Discourse
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Use...
CVE-2023-30538 Stored Cross-site Scripting via improper sanitization of svg files in Discourse
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Use...
CVE-2023-30538
CVE-2023-30538 affects the Discourse open source platform. The issue results from improper sanitization of SVG files, allowing an attacker to execute arbitrary JavaScript in users’ browsers when uploading a crafted SVG. The vulnerability is mitigated in the latest stable and tests-passed Discours...