163 matches found
Malicious code in aem-angular-editable-components (npm)
Source: ghsa-malware fca4a582054bbff21e69768e3b5934e358df88c79f61073e65cf4272a8510544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aem-react-editable-components (npm)
Source: ghsa-malware 6fdeb2ad3adadbbe85aa33bbaa3ed1728c9019c415d8c1e218db5f1f72661482 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-268 Malicious code in aem-angular-editable-components (npm)
Source: ghsa-malware fca4a582054bbff21e69768e3b5934e358df88c79f61073e65cf4272a8510544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-269 Malicious code in aem-react-editable-components (npm)
Source: ghsa-malware 6fdeb2ad3adadbbe85aa33bbaa3ed1728c9019c415d8c1e218db5f1f72661482 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DAAS. PDF Printer generates image files are not editable selectable letters in PDFs with HTML5
Citrix PDF Printer generates image files are not editable / selectable letters in PDFs with 2402 With HTML5 Receiver v22.9.0.26 in DAAS. Users can't copy and paste any character...
Online Shopping Portal Parameter Value Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store. Online Shopping Portal suffers from a cross-site scripting vulnerability that originates in the parameter value of file /shopping/admin/assets/plugins/DataTables/examples/examplessupport/editableajax.php to the parameter value. The parameter value of...
CVE-2024-10743
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been classified as problematic. Affected is an unknown function of the file /shopping/admin/assets/plugins/DataTables/examples/examplessupport/editableajax.php. The manipulation of the argument value leads to cross site...
PHPGurukul Online Shopping Portal Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store. Online Shopping Portal suffers from a cross-site scripting vulnerability that originates in the parameter value of file /shopping/admin/assets/plugins/DataTables/examples/examplessupport/editableajax.php to the parameter value. The parameter value of...
PT-2024-16507 · Unknown · Phpgurukul Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0. Description: A vulnerability was found in the PHPGurukul Online Shopping Portal, allowing for cross-site scripting (XSS) attacks. The issue is related to an unknown function in the file...
U.S. Dept Of Defense: Publicly Editable U.S. Air Force Google Spreadsheet Exposing Student Leave Data
The U.S. Air Force Google Spreadsheet that exposed student leave data was publicly editable, allowing any unauthorized user to access and modify the restricted contents...
CVE-2024-4026
Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover...
CVE-2024-4026
CVE-2024-4026 is an XSS vulnerability in Holded. The cited sources indicate that an attacker could store a JavaScript payload in all editable parameters within the General and Team ID functions, enabling session takeover. The issue affects Holded versions prior to 4.20.0 (per CNNVD). Root cause d...
PT-2024-24337 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.4-milestone-1 through 4.10.18; XWiki Platform versions prior to 15.5.4; XWiki Platform versions prior to 15.10-rc-1. Description: The XWiki Platform is affected by a remote code execution issue. This issue arises from t...
BIT-DISCOURSE-2024-21655 Insufficient control of custom field value sizes
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4...
CVE-2024-21655
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4...
Design/Logic Flaw
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4...
CVE-2024-21655 Insufficient control of custom field value sizes
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4...
PT-2024-19002 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.4; Discourse versions prior to 3.2.0.beta4. Description: Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to...
Discourse Resource Management Error Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A resource management error vulnerability exists in Discourse, which stems from an unimposed size limit on client-side editable fields, and can be exploited by an...
coderedcms (>=2.0.0 <=2.1.4), puput (=1.2.0) +31 more potentially affected by CVE-2023-45809 via wagtail (>=4.2.4 <=5.0.0rc1)
wagtail PYPI version =4.2.4, =2.0.0, =0.1.0, =0.3.4, =0.0.1, =1.6.0, =0.18.0, =0.19.2 - wagtail-hallo =0.3.0 - wagtail-images-deduplicator =1.0.0a1 and more Source cves: CVE-2023-45809 Source advisory: OSV:PYSEC-2023-219...