Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

Veracode
Veracodeadded 2023/12/05 7:52 a.m.12 views

Cross-Site Scripting(XSS)

Ajax.NET Professional is vulnerable to Cross Site Scripting XSS. The vulnerability is due to the missing data validation in the parse function of core.js. This could allow an attacker to execute arbitrary Javascript...

6.3CVSS6.9AI score0.00347EPSS
Exploits0References4Affected Software1
Veracode
Veracodeadded 2023/03/02 2:49 a.m.16 views

Prototype Pollution

utilities is vulnerable to Prototype Pollution. The vulnerability exists in the mix function of utilities/lib/core.js when the object is merged, which allows an attacker to cause prototype pollution...

7.5CVSS7.1AI score0.00216EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2023/02/24 5:0 a.m.4 views

CVE-2023-26102

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...

7.5CVSS8.1AI score0.00353EPSS
Exploits1References2
Veracode
Veracodeadded 2023/01/05 8:7 a.m.16 views

Prototype Pollution

fast-json-patch is vulnerable to prototype pollution. The vulnerability exists in the applyOperation function of core.js, due to the improper checks for the key variable which allows an attacker to modify object prototype attributes...

9.8CVSS4.9AI score0.00465EPSS
Exploits1References5Affected Software1
Veracode
Veracodeadded 2022/07/22 5:15 a.m.32 views

Denial Of Service (DoS)

file-type is vulnerable to denial of service. The vulnerability exists in the FileTypeParser function in core.js due to a lack of input sanitization in the file type detector which allows an attacker to cause an application crash by sending mkv file...

5.5CVSS5.6AI score0.00171EPSS
Exploits0References7Affected Software1
Veracode
Veracodeadded 2021/12/23 9:44 a.m.10 views

Cross-site Scripting (XSS)

ajaxnetprofessional is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of input validation in parse function of AjaxPro/core.js in when parsing json input which allows a malicious attacker to inject and execute arbitrary javascript...

8.7CVSS4.8AI score0.00239EPSS
Exploits0References3Affected Software1
Prion
Prionadded 2019/02/12 6:29 p.m.10 views

Design/Logic Flaw

An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code core.js writeDynaList could lead to an XSS attack vector...

4.3CVSS5.9AI score0.00163EPSS
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions Listadded 2018/10/07 12:0 a.m.24 views

[20190205] - Core - XSS Issue in core.js writeDynaList

Inadequate parameter handling in JS code could lead to an XSS attack vector...

6.1CVSS7.5AI score0.00163EPSS
Exploits0Affected Software1
0day.today
0day.todayadded 2010/08/19 12:0 a.m.17 views

vBulletin v4.0.4 adserver Javascript (forumdisplay.php) Code Execution

Exploit for php platform in category web applications ====================================================================== vBulletin v4.0.4 adserver Javascript forumdisplay.php Code Execution ======================================================================...

7.1AI score
Exploits0
Rows per page
Query Builder