7 matches found
Malicious code in crowdin-cli-website (npm)
MAL-2024-9576 Malicious code in crowdin-cli-website (npm)
Malicious code in sketch-crowdin (npm)
Source: ghsa-malware 760414998be33a4144fb0eee0455cc462dea5f95e07189b1ff637271a0014974 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8873 Malicious code in sketch-crowdin (npm)
Source: ghsa-malware 760414998be33a4144fb0eee0455cc462dea5f95e07189b1ff637271a0014974 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
XSS vulnerability in translations
Summary: An attacker with admin privileges and access to Translations management functionality may add a JS payload to translation values via: - Translation management UI. - Translations downloaded via the Crowdin service may also contain JS strings used for XSS attacks, for a successful attack...
GHSA-RRGW-3HG3-9X8C XSS vulnerability in translations
Summary: An attacker with admin privileges and access to Translations management functionality may add a JS payload to translation values via: - Translation management UI. - Translations downloaded via the Crowdin service may also contain JS strings used for XSS attacks, for a successful attack...
Udemy: Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com
Howdy, @udemy! Summary: I am writing to inform you of a critical information disclosure bug via an exposed Jenkins dashboard located at https://jenkins101.udemy.com. Upon navigating to this address, I was asked to authenticate with my GitHub account. After authenticating, I was surprised ...