42 matches found
@bodonkey/charting-extension (>=1.0.0 <=1.1.0), @stepanjakl/apostrophe-stripe-checkout (>=0.0.1 <=0.0.5) +2 more potentially affected by CVE-2026-45011 via apostrophe (=4.29.0)
apostrophe NPM version =4.29.0 is affected by a known vulnerability. The following packages have a transitive dependency on apostrophe and may be impacted: - @bodonkey/charting-extension =1.0.0, =0.0.1, =0.0.1, =0.0.8 - tfp-procrea =1.0.0 Source cves: CVE-2026-45011 Source advisory:...
@bodonkey/charting-extension (>=1.0.0 <=1.1.0), @draadnl/openstad-cms (>=0.12.2 <=0.12.3) +7 more potentially affected by CVE-2026-45012 via apostrophe (>=0.5.393 <=4.29.0)
apostrophe NPM version =0.5.393, =1.0.0, =0.12.2, =0.0.1, =0.0.1, =2.0.0, =0.5.0, =1.0.0, =1.0.2 - tfp-procrea =1.0.0 Source cves: CVE-2026-45012 Source advisory: OSV:GHSA-PR28-MF3Q-QPG6...
EUVD-2021-1014
Malware in sbrugna...
EUVD-2023-28128
Malicious code in bioql PyPI...
CVE-2023-24610
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...
CVE-2021-29489
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
Design/Logic Flaw
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...
CVE-2023-24610
CVE-2023-24610 affects NOSH ChartingSystem (NOSH 4a5cfdb). A remote authenticated user can trigger PHP arbitrary code execution via the “practice logo” upload feature after bypassing client-side checks. Impact per sources includes potential exposure of Protected Health Information due to health-c...
CVE-2023-24065
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...
Cross site scripting
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...
NOSH ChartingSystem cross-site scripting vulnerability
NOSH ChartingSystem is an electronic health record system designed for physicians and patients. A security vulnerability exists in NOSH ChartingSystem. An attacker could exploit the vulnerability to steal protected health information...
CVE-2023-24065
The CVE-2023-24065 entry affects NOSH (version 4a5cfdb) and describes a stored XSS vulnerability on the create user page. A crafted first name field can execute JavaScript when visiting /users/2/1, with potential to exfiltrate Protected Health Information in a healthcare-charting context. Public ...
CVE-2022-31108
Summary of CVE-2022-31108 (mermaid.js): The vulnerability allows an attacker to inject arbitrary CSS into the generated graph, enabling styling changes to elements outside the SVG and potential information disclosure via CSS selectors that trigger HTTP requests. The issue is tied to how user inp...
Malicious code in charting-library-angular5 (npm)
Source: ghsa-malware a0951e2547b550ff0a715125f78bd5fe0e8f2ed31b905487677cc4bb51b20785 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in charting-library-react-example (npm)
Source: ghsa-malware 8cba3185261bbaca364e13eb20f22442df73c6fa2a62f6387cb1a6215d99ecd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1886 Malicious code in charting-library-react-example (npm)
Source: ghsa-malware 8cba3185261bbaca364e13eb20f22442df73c6fa2a62f6387cb1a6215d99ecd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...