55 matches found
Vite dev server - Cross-Site Scripting
Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...
EUVD-2021-8049
Malicious code in bioql PyPI...
EUVD-2022-34202
Malicious code in bioql PyPI...
EUVD-2025-20510
Malicious code in bioql PyPI...
EUVD-2024-38246
Malicious code in bioql PyPI...
EUVD-2021-8052
Malicious code in bioql PyPI...
CVE-2025-53545
The CVE-2025-53545 entry concerns Press, a Frappe custom app used with Frappe Cloud. The underlying issue is a lack of server-side validation that allows bypassing two-factor authentication (2FA) for users. The vulnerability description confirms that this is a 2FA bypass resulting from insufficie...
PT-2025-28475 · Frappe · Press
Name of the Vulnerable Software and Affected Versions: Press, affected versions not specified. Description: The issue concerns a lack of server-side validation for 2FA login, allowing users to circumvent this security measure. Press is a Frappe custom app that manages infrastructure,...
CVE-2021-20634
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Custom App via unspecified vectors...
CVE-2021-20631
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to alter the data of Custom App via unspecified vectors...
Cybozu Office vulnerable to bypass browsing restrictions in Custom App
Overview Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows bypassing browsing restrictions in Custom App (CWE-201). Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can log in to the product may view data...
CVE-2024-39817
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can log in to the product to view data that the user does not have access to by conducting 'search' under certain conditions in Custom App...
CVE-2024-39817
CVE-2024-39817 affects Cybozu Office 10.0.0–10.8.6. The issue involves insertion of sensitive information into data sent by the product, enabling a logged-in user to view data they should not access when performing a search in Custom App. Impact is confidentiality breach (CVE reports HIGH). Publi...
PT-2024-28682 · Cybozu · Cybozu Office
Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.6 Description: The issue allows a user who can login to the product to view data that the user does not have access to by conducting 'search' under certain conditions in Custom App. This is due to th...
JVN#29845579: Cybozu Office vulnerable to bypass browsing restrictions in Custom App
Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows bypassing browsing restrictions in Custom App (CWE-201). Impact A user who can log in to the product may view data that the user does not have access to by conducting 'search' under certain conditions. Solution Update the...
Android Content Providers 101
Introduction Android has a number of different types of components that a program or app can instantiate to interact with the user or other programs. Recently I've been looking at exported as an interesting way to manipulate information that other apps have stored. A content provider is what it...
GHSA-92R3-M2MG-PJ97 Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Summary When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transformed output by supplying a...
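The two Vite entries above (the dev-server XSS summary and GHSA-92r3-m2mg-pj97) describe the same mechanism: an inline `<script type="module">` is rewritten into an external script whose `src` is built from the request URL, so a URL that contains a quote and a closing angle bracket breaks out of the attribute. The block below is an added illustration written for this page; it is not Vite's code and not the advisory's proof of concept. The `?html-proxy&index=N.js` rewrite format, the attacker URL, and the sample HTML are constructed assumptions that mirror the advisory's description, and the hardened variant shows the check a caller of `server.transformIndexHtml` would want (reduce the URL to its path and escape it before it lands in an attribute) rather than passing `req.url` through unmodified.

```javascript
// Added example (not Vite's implementation): a minimal model of the inline
// module-script rewrite performed during HTML transformation, in an unsafe
// and a hardened form. Assumptions are marked inline.

// Constructed HTML served by an appType: 'custom' server; contains the
// inline module script that triggers the rewrite.
const SAMPLE_HTML = `<!doctype html>
<html><body>
<div id="app"></div>
<script type="module">import './main.js'</script>
</body></html>`;

const INLINE_MODULE_RE = /<script type="module">([\s\S]*?)<\/script>/g;

// Unsafe model: the request URL is interpolated into the src attribute as-is.
// (The "?html-proxy&index=N.js" suffix is an assumed stand-in for the real
// proxy-module path.)
function rewriteInlineModulesUnsafe(html, url) {
  let index = 0;
  return html.replace(
    INLINE_MODULE_RE,
    () => `<script type="module" src="${url}?html-proxy&index=${index++}.js"></script>`
  );
}

// Minimal HTML attribute escaping: & " < > are the characters that can end
// a double-quoted attribute value or open a new tag.
function escapeAttr(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hardened model: keep only the pathname (the WHATWG URL parser percent-
// encodes " < > and spaces in the path) and escape it before interpolation,
// so a crafted URL cannot close the attribute or the tag.
function rewriteInlineModulesSafe(html, url) {
  const pathname = new URL(url, 'http://localhost').pathname;
  let index = 0;
  return html.replace(
    INLINE_MODULE_RE,
    () => `<script type="module" src="${escapeAttr(pathname)}?html-proxy&index=${index++}.js"></script>`
  );
}

// Constructed attacker URL: closes the src attribute and the <script> tag,
// injects its own element, then reopens a script tag so the trailing
// '?html-proxy&index=0.js"></script>' still parses.
const ATTACK_URL = '/"><img src=x onerror=alert(1)><script type="module" src="/x';
const INJECTED_MARKER = '<img src=x onerror=alert(1)>';

// Runs both rewrites over the sample page and reports whether the injected
// element survived into the transformed output.
function demo(url = ATTACK_URL) {
  const unsafe = rewriteInlineModulesUnsafe(SAMPLE_HTML, url);
  const safe = rewriteInlineModulesSafe(SAMPLE_HTML, url);
  return {
    unsafeInjected: unsafe.includes(INJECTED_MARKER),
    safeInjected: safe.includes(INJECTED_MARKER),
    unsafe,
    safe,
  };
}

const result = demo();
console.log('unsafe output injected:', result.unsafeInjected);
console.log('safe output injected:  ', result.safeInjected);
```

A benign URL such as `/index.html` produces the same `src="/index.html?html-proxy&index=0.js"` from both functions, so the hardening does not change the normal path; only the attacker-controlled characters are neutralized. In a real deployment the durable fix is to update Vite to a version containing the advisory's patch; reducing and escaping the URL on the caller side is defence in depth for the `appType: 'custom'` pattern the entries describe.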