2 matches found
SQL Injection
Overview smoosense is a Smoothly make sense of your large multi-modal datasets Affected versions of this package are vulnerable to SQL Injection via improper handling of user-supplied filter values. The parseFilters.ts and helpers.ts utility functions fail to escape single quotes before...
CVE-2023-33962
JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...