83 matches found
Malicious code in ac-dom-nodes (npm)
Source: amazon-inspector (b323cec1a59645d9dcb2c0951a0f7d31b362ac58e4f930306a940ed67037b20d). The package ac-dom-nodes was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-778 Malicious code in ac-dom-nodes (npm)
Source: amazon-inspector (b323cec1a59645d9dcb2c0951a0f7d31b362ac58e4f930306a940ed67037b20d). The package ac-dom-nodes was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2010-2770
Malware in sbrugna...
EUVD-2005-1163
Malware in sbrugna...
EUVD-2010-1239
Malware in sbrugna...
EUVD-2022-4752
Malicious code in bioql PyPI...
RHEL 5 : java-1.4.2-ibm (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) (CVE-2013-0433) - Oracle JDK 7: bypass o...
GHSA-FJR2-R2MP-484P Duplicate Advisory: SimpleSAMLphp signature validation bypass
Duplicate Advisory. This advisory has been withdrawn because it is a duplicate of GHSA-j4qf-3w33-8cgc. This link is maintained to preserve external references. Original Description. Background: SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML...
BIT-MEDIAWIKI-2020-10960
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...
SUSE CVE-2010-1121
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...
SUSE CVE-2010-1209
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and ...
SUSE CVE-2018-12363
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affec...
Cross-site Scripting (XSS)
Flarum is vulnerable to cross-site scripting (XSS). The library's page title system enables page titles to be converted into HTML DOM nodes when pages are rendered, which allows an attacker to inject malicious HTML markup using a discussion title input when a visitor opens the relevant discussion...
CVE-2022-41938 Cross site scripting vulnerability with discussion titles in flarum
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title inpu...
Ubuntu: Security Advisory (USN-124-1)
The remote host is missing an update for the...
MediaWiki makeCollapsible allows applying event handler to any CSS selector
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...
CVE-2021-32671 XSS vulnerability with translator
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type...
CVE-2021-32671
CVE-2021-32671 concerns Flarum’s translation system, which allowed string inputs to be rendered as HTML DOM nodes, enabling cross-site scripting in certain user inputs (notably the forum search box). The vulnerability affects Flarum v1.0.0/v1.0.1 and is due to rendering user-provided markup witho...
Design/Logic Flaw
Bad validation logic in Dart SDK versions prior to 2.12.3 allows an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags...
CVE-2021-22540 XSS in Dart SDK
Bad validation logic in Dart SDK versions prior to 2.12.3 allows an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags...