42 matches found
EUVD-2021-32007
Malicious code in bioql PyPI...
EUVD-2021-32005
Malicious code in bioql PyPI...
EUVD-2021-32004
Malicious code in bioql PyPI...
EUVD-2021-32009
Malicious code in bioql PyPI...
EUVD-2021-32008
Malicious code in bioql PyPI...
EUVD-2021-32010
Malicious code in bioql PyPI...
EUVD-2021-32006
Malicious code in bioql PyPI...
CVE-2021-45224
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious UR...
CVE-2021-45226
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites...
CVE-2021-45228
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user...
CVE-2021-45228
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user...
CVE-2021-45227
An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack...
Cross site scripting
An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack...
Design/Logic Flaw
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user...
CVE-2021-45227
An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack...
CVE-2021-45227
COINS Construction Cloud 11.12 contains a persistent Cross-Site Scripting (XSS) flaw in the file upload flow due to inappropriate handling of HTML IFRAME elements. Root cause: improper IFRAME usage during uploads enables script persistence. Impact is documented as client-side compromise; CVSS sco...
CVE-2021-45228
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user...
CVE-2021-45228
CVE-2021-45228 is an XSS vulnerability in COINS Construction Cloud 11.12. The issue stems from insufficient neutralization of user input in the description of a task, allowing stored malicious JavaScript which is later reflected back to users. Affected source describes that the vulnerability can ...
COINS Construction Cloud cross-site scripting vulnerability
COINS Construction Cloud is an end-to-end suite of cloud and mobile software solutions from COINS, Inc. designed to help construction executives drive increased profitability across their business. A cross-site scripting vulnerability exists in COINS Construction Cloud 11.12 that stems from...
COINS Construction Cloud cross-site scripting vulnerability
COINS Construction Cloud is an end-to-end suite of cloud and mobile software solutions from COINS, Inc. designed to help construction executives drive increased profitability across their business. A cross-site scripting vulnerability exists in COINS Construction Cloud version 11.12, which stems...