9 matches found
CVE-2020-7750
creationtimestamp| type| source ---|---|--- 2021-09-21 04:42:19+00:00| seen| https://t.me/pwnwikizhchannel/736 2024-11-14 06:09:12+00:00| seen| MISP/4b871962-89dc-44f5-8576-8275974b7453...
Scratch Desktop 3.17 Code Execution / Cross Site Scripting
Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Date: 2021-06-18 Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...
Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution Vulnerabilities
Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...
Scratch Desktop 3.17 - Remote Code Execution
Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Date: 2021-06-18 Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...
CVE-2020-7750
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...
CVE-2020-7750
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...
CVE-2020-7750
CVE-2020-7750 affects the scratch-svg-renderer package prior to 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG content, allowing injection of arbitrary elements into the DOM via _transformMeasurements, which could enable cross-site scripting; the vulnerability is rat...
CVE-2020-7750 Cross-site Scripting (XSS)
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...
@intesso/scratch-paint (=0.2.0), @wdr-data/scratch-render (=0.1.0-prerelease.20180918201144-fixed-1) +13 more potentially affected by CVE-2020-7750 via scratch-svg-renderer (>=0.1.0-prerelease.20180524210316 <=0.2.0-prerelease.20201016121710)
scratch-svg-renderer NPM version =0.1.0-prerelease.20180524210316, =0.0.1, =0.1.0-prerelease.2019-05-26T04-34Z, =0.2.0-prerelease.20181120191526, =0.1.0-prerelease.20210117145449, =0.1.0-prerelease.20200903194013, =0.2.0, =0.1.0-prerelease.20180531210700, =0.1.0, =0.1.0-prerelease.20201214071805,...