Lucene search
K

9 matches found

Circl
Circl
added 2021/09/21 4:42 a.m.11 views

CVE-2020-7750

creationtimestamp| type| source ---|---|--- 2021-09-21 04:42:19+00:00| seen| https://t.me/pwnwikizhchannel/736 2024-11-14 06:09:12+00:00| seen| MISP/4b871962-89dc-44f5-8576-8275974b7453...

9.6CVSS8.7AI score0.06074EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2021/07/02 12:0 a.m.198 views

Scratch Desktop 3.17 Code Execution / Cross Site Scripting

Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Date: 2021-06-18 Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...

6.8CVSS0.2AI score0.06074EPSS
Exploits3
0day.today
0day.today
added 2021/07/02 12:0 a.m.110 views

Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution Vulnerabilities

Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...

9.6CVSS0.3AI score0.06074EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/07/02 12:0 a.m.349 views

Scratch Desktop 3.17 - Remote Code Execution

Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Date: 2021-06-18 Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...

9.6CVSS9.6AI score0.06074EPSS
Exploits3
NVD
NVD
added 2020/10/21 5:15 p.m.35 views

CVE-2020-7750

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

9.6CVSS0.06074EPSS
Exploits3References2
OSV
OSV
added 2020/10/21 5:15 p.m.22 views

CVE-2020-7750

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

9.6CVSS6.7AI score
Exploits0References2
CVE
CVE
added 2020/10/21 4:20 p.m.103 views

CVE-2020-7750

CVE-2020-7750 affects the scratch-svg-renderer package prior to 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG content, allowing injection of arbitrary elements into the DOM via _transformMeasurements, which could enable cross-site scripting; the vulnerability is rat...

9.6CVSS9.3AI score0.06074EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2020/10/21 4:20 p.m.36 views

CVE-2020-7750 Cross-site Scripting (XSS)

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

9.6CVSS9.3AI score0.06074EPSS
Exploits3References2
vulnersOsv
vulnersOsv
added 2020/10/21 4:5 p.m.4 views

@intesso/scratch-paint (=0.2.0), @wdr-data/scratch-render (=0.1.0-prerelease.20180918201144-fixed-1) +13 more potentially affected by CVE-2020-7750 via scratch-svg-renderer (>=0.1.0-prerelease.20180524210316 <=0.2.0-prerelease.20201016121710)

scratch-svg-renderer NPM version =0.1.0-prerelease.20180524210316, =0.0.1, =0.1.0-prerelease.2019-05-26T04-34Z, =0.2.0-prerelease.20181120191526, =0.1.0-prerelease.20210117145449, =0.1.0-prerelease.20200903194013, =0.2.0, =0.1.0-prerelease.20180531210700, =0.1.0, =0.1.0-prerelease.20201214071805,...

9.6CVSS7.2AI score0.06074EPSS
Exploits3
Rows per page
Query Builder