Cross-site Scripting (XSS)

Overview @nuxt/devtools is a Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of error messages on DevTools authentication page. An attacker can extract authentication tokens by tricking a user into interacting with maliciously crafted...

EUVD-2019-5229

Malware in sbrugna...

EUVD-2022-1838

Malicious code in bioql PyPI...

Cross-site Scripting (XSS)

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient sanitization of error messages. An attacker can inject malicious scripts that are executed in the context of the user's browser session. Details Cross-si...

Information Disclosure

github.com/grafana/google-sheets-datasource is vulnerable to Information Disclosure. The vulnerability is due to improper error message sanitization in googlesheets.go during the client.GetSpreadsheet function call. This potentially expose the Google Sheet API-key that is configured for the data...

Cross site scripting

Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform...

CVE-2019-1273

A cross-site-scripting XSS vulnerability exists when Active Directory Federation Services ADFS does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'...