1081 matches found
Malicious code in docs-component-advanced-permission (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1a065d7fc179e436125a277398d58863cc0c5145b5220c893c09409bdd44807d The OpenSSF Package Analysis project identified 'docs-component-advanced-permission' @ 1.1.0 npm as malicious. It is considered malicious becaus...
Malicious code in docs-component-like (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cde662c7be657edd2cffb28c74114bf428fa1b9db283784ae67f159dbf201ce2 The OpenSSF Package Analysis project identified 'docs-component-like' @ 1.0.6 npm as malicious. It is considered malicious because: - The packag...
Upgraded Q -> 2 from #404 [1684435083624]
Judge has assessed an item in Issue 404 as 2 risk. The relevant finding follows: Global Budget Constraint is said to be 2% in Docs But It Is 3% in The code Description: In the docs it is mentioned that Global Budget Constraint should be 2% but in the code here it is hardcoded to 3%. --- The text...
cn.vertxup:zero-ifx-stomp (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +3 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=4.0.0 <=4.4.1)
io.vertx:vertx-stomp MAVEN version =4.0.0, =2.0.0, =4.0.0, =4.0.0, =4.4.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction...
WordPress WP Docs Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)
Software WP Docs Type Plugin Vulnerable versions = 1.9.9 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32106 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c7b1d23694a Credits Le Ngoc Anh Required...
Malicious code in mm-docs-v-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e164ce9b5bafc633c26d087af362bfe0ae909af588fc1b193b9c79f3b956c030 The OpenSSF Package Analysis project identified 'mm-docs-v-2' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-1238 Malicious code in mm-docs-v-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e164ce9b5bafc633c26d087af362bfe0ae909af588fc1b193b9c79f3b956c030 The OpenSSF Package Analysis project identified 'mm-docs-v-2' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
GHSA-X2XW-HW8G-6773 govuk_tech_docs vulnerable to unescaped HTML on search results page
Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) such that pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitized. To exploit this...
govuk_tech_docs vulnerable to unescaped HTML on search results page
Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...
govuk_tech_docs vulnerable to unescaped HTML on search results page
Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource...
The vulnerability of the online document editor ONLYOFFICE Docs, related to the use of an unreliable search path, allows a perpetrator to execute arbitrary code.
The vulnerability of the online text document editor ONLYOFFICE Docs is related to the use of an unreliable search path. Exploiting this vulnerability allows an attacker to execute arbitrary code by replacing the legitimate DLL file with a malicious library...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +18 more potentially affected by CVE-2023-27586 via cairosvg (>=0.5.0 <=2.6.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =1.0.0b1, =0.0.2, =0.1.0, =0.1.0, =2.11.0, =4.3.0, =0.0.1, =9.0.5, =1.0.0, =0.1.0, =0.2.7 and more Source cves: CVE-2023-27586 Source advisory: OSV:GHSA-RWMF-W63J-P7GV...
CVE-2022-48422
ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgccs.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located...
Directory traversal
ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgccs.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located...
CVE-2022-48422
ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgccs.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located...
Ascensio System ONLYOFFICE Code Issue Vulnerability
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in ONLYOFFICE Docs versions prior to 7.3 that originates from a vulnerability that allows local users to gain privileges via the Trojan horse libgccs.so.1 in the current working director...
PT-2023-1742 · Onlyoffice · Onlyoffice Docs
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs versions prior to 7.3 Description: The issue is related to the use of an insecure path search in the ONLYOFFICE Docs online text document editor. Exploitation of this issue may allow an attacker to execute arbitrary code by...