11 matches found
Cross-site Scripting (XSS)
Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the handling of attribute spreading and dynamic name attributes within form elements. An attacker can inject malicious scripts by manipulating both the sprea...
GHSA-RCQX-6Q8C-2C42 Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the handling of attribute spreading and dynamic name attributes within form elements. An attacker can inject malicious scripts by manipulatin...
PT-2026-41134
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...
CVE-2025-11232
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...
PT-2025-44192
Name of the Vulnerable Software and Affected Versions: Reolink Video Doorbell Wi-Fi DB 566128M5MP W (affected versions not specified). Description: The Reolink Video Doorbell Wi-Fi DB 566128M5MP W stores and transmits Dynamic DNS (DDNS) credentials in plaintext within its configuration and update script...
CVE-2022-50474
In the Linux kernel, the following vulnerability has been resolved: macintosh: fix possible memory leak in macio_add_one_device(). After commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically. It needs to be freed when ofdeviceregist...
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Users setting their Active Admin form legends dynamically may be vulnerable to stored XSS, as long as the legend's value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate these...
Operating System Command Injection Vulnerability in Multiple D-Link Products
D-Link DIR-820L and others are products of China-based AUO D-Link. D-Link DIR-820L is a dual-band wireless router. D-Link Dir-830L is a wireless Ac1200 dual-band cloud router. D-Link Dir-810L is a wireless Ac750 dual-band cloud router. An operating system command injection vulnerability exists in...
Skyworth Gn542vf Cross-Site Scripting Vulnerability
The Skyworth Gn542vf is an Internet TV device from Skyworth, a Chinese company. The Skyworth Gn542vf Hardware Version 2.0 and Software Version 2.0.0.16 suffers from a cross-site scripting vulnerability that can be exploited by an authenticated attacker to inject their own scripts into a page via...
CVE-2000-1079
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram...