EUVD-2021-14785
Malware in sbrugna...
CVE-2021-28079
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by a victim, the payload is triggered...
CVE-2025-27608
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
CVE-2025-27608 Self Cross-Site Scripting in Arduino IDE
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
CVE-2025-27608 Self Cross-Site Scripting in Arduino IDE
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...
CVE-2025-27608
Arduino IDE 2.x (Electron-based Theia-derived IDE) contains a Self-XSS vulnerability in the Additional Board Manager URLs field found under Preferences → Settings. In vulnerable releases prior to 2.3.5, input in this field is displayed to users via a notification tooltip without proper output enc...
ASAR Integrity bypass via filetype confusion in electron
Impact: This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited...
Malicious code in update.electronjs.org (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 570da49a43c941cec1292b434882e33fa9b0d622894934efe87b8cf494184da6 The OpenSSF Package Analysis project identified 'update.electronjs.org' @ 99.9.9 npm as malicious. It is considered malicious because: - The...
MAL-2023-1328 Malicious code in update.electronjs.org (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 570da49a43c941cec1292b434882e33fa9b0d622894934efe87b8cf494184da6 The OpenSSF Package Analysis project identified 'update.electronjs.org' @ 99.9.9 npm as malicious. It is considered malicious because: - The...
Exploit for Cross-site Scripting in Jamovi
CVE-2021-28079 - POC Jamovi <=1.6.18 is affected by a cros...
Postbird 0.8.4 - Javascript Injection Exploit
Exploit Title: Postbird 0.8.4 - Javascript Injection Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload PostgreSQL Password...
Postbird 0.8.4 - Javascript Injection
Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...
Jamovi Cross-Site Scripting Vulnerability
jamovi is a free and open-source statistics platform. Jamovi has a cross-site scripting vulnerability in version 1.6.18 and earlier. In the ElectronJS framework, the listing is vulnerable to XSS attacks. An attacker can exploit the vulnerability to craft a .omv document containing a...
CVE-2021-28079
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by a victim, the payload is triggered...
CVE-2021-28079
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by a victim, the payload is triggered...
Cross site scripting
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by a victim, the payload is triggered...
CVE-2021-28079
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by a victim, the payload is triggered...
CVE-2021-28079
Summary: CVE-2021-28079 affects Jamovi versions
jamovi Cross-Site Scripting Vulnerability
jamovi is a free and open-source statistics platform. Jamovi has a cross-site scripting vulnerability in version 1.6.18 and earlier. In the ElectronJS framework, the listing is vulnerable to XSS attacks. An attacker can exploit the vulnerability to craft a .omv document containing a...
Chromium Remote Code Execution in electron
Affected versions of ElectronJS are susceptible to a remote code execution vulnerability that occurs when an affected application accesses remote content, even if the sandbox option is enabled. Recommendation: Update to electron version 1.7.8 or later...