18 matches found
EUVD-2019-7289
Malware in sbrugna...
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
Cross-Site Scripting (XSS)
dash-core-components are vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to improper handling of the href attribute of the tag when the href attribute is controlled by an adversary. This allows an attacker to steal data that is visible to another user who opens a view...
buzzword (>=1.2.1 <=1.2.3), dash-tokamak (=1.6.0) +22 more potentially affected by CVE-2024-21485 via dash-core-components (>=0.22.1 <=1.9.1)
dash-core-components PYPI version =0.22.1, =1.2.1, =0.1.0, =2.0.0b0, =0.1.0, =0.1.0, =0.2.0, =1.0.0, =0.0.2, =0.1.13 and more Source cves: CVE-2024-21485 Source advisory: OSV:GHSA-547X-748V-VP6P...
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
Cross site scripting
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
PYSEC-2024-35
Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...
CVE-2024-21485
Dash Framework (Dash, dash-core-components, dash-html-components) versions before 2.15.0 (core components before 2.13.0/2.0.0; html components before 2.0.0/2.0.16) are vulnerable to Cross-site Scripting (XSS) when the href attribute of an anchor tag is controlled by an attacker. The vulnerability...
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
Cross-site Scripting (XSS)
Overview dash-core-components is a Core component suite for Dash Affected versions of this package are vulnerable to Cross-site Scripting XSS when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data...
Cross-site Scripting (XSS)
Overview dash-core-components is a library that provides the core React component suite for Dash. Affected versions of this package are vulnerable to Cross-site Scripting XSS when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this...
PT-2024-18904 · Unknown +1 · Dash-Core-Components +2
Name of the Vulnerable Software and Affected Versions: dash-core-components versions prior to 2.13.0 dash versions prior to 2.15.0 dash-html-components versions prior to 2.0.16 Description: The issue allows an authenticated attacker to steal data visible to another user who opens a view that...
CVE-2019-16752
An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...
CVE-2019-16752
An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...
Design/Logic Flaw
An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...
CVE-2019-16752
An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...
CVE-2019-16752
CVE-2019-16752 concerns a vulnerability in Decentralized Anonymous Payment System (DAPS) present through 2019-08-26 that can cause wallets to send HTTP requests to arbitrary locations, potentially leaking a user’s IP and usage. Affected products/versions explicitly mentioned include Dash Core up ...