EUVD-2016-5855

Malware in sbrugna...

form-lab (=0.1.3), nmt_databox (>=1.0.5 <=1.0.7) potentially affected by unknown CVE via instal (=0.0.1-security)

instal NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on instal and may be impacted: - form-lab =0.1.3 - nmtdatabox =1.0.5, =1.0.7 Source cves: unknown CVE Source advisory: OSV:MAL-2025-23246...

databox.com XSS vulnerability

Vulnerable URL: https://databox.com/blog?" Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 19:49 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 239795 VIP website status:| No Coordinated Disclosure Timeline:...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-4875

Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-4875

Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-4875

CVE-2016-4875 describes cross-site scripting (CWE-79) vulnerabilities in Geeklog IVYWE edition plugins: Assist (before 1.1.2.test20160906), dataBox (before 0.0.0.20160906), and userBox (before 0.0.0.20160906). The root cause is untrusted input that can be injected into administrator-facing contex...

CVE-2016-4875

Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting

Overview Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. IVY WE CO.,LTD. reported this vulnerability to IPA and JPCERT/CC to notify users of its solution through JVN...