
17 matches found

CNNVD
added 2026/03/16 12:00 a.m. · 2 views

Express - Node.js API with PostgreSQL SQL injection vulnerability

Express - Node.js API with PostgreSQL is a RESTful API service developed by Jawher Kl, based on Node.js and PostgreSQL. Versions of Express - Node.js API with PostgreSQL prior to version 2.5 have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the sort parameter...

CVSS 7.5 · AI score 7.2 · EPSS 0.00042
Exploits 0 · References 4
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2023-0593

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.9 · EPSS 0.00404
Exploits 0 · References 5
HackRead
added 2025/06/09 7:13 p.m. · 6 views

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api...

AI score 7.3
Exploits 0
OSSF Malicious Packages
added 2025/06/04 12:52 a.m. · 4 views

Malicious code in express-api-sync (npm)

Source: ghsa-malware (efac302be698778eb5fe49cde2fadcf3d675910622eaf3387754f96e332f87f9). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2025/06/04 12:52 a.m. · 1 view

MAL-2025-4683 Malicious code in express-api-sync (npm)

Source: ghsa-malware (efac302be698778eb5fe49cde2fadcf3d675910622eaf3387754f96e332f87f9). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
Veracode
added 2023/02/06 6:25 a.m. · 14 views

Cross-site Scripting (XSS)

eta is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in file-handlers.ts due to improper user-input sanitization from the Express API, allowing an attacker to inject and execute malicious JavaScript...

CVSS 8.6 · AI score 6 · EPSS 0.00404
Exploits 0 · References 5 · Affected Software 1
NVD
added 2023/02/01 1:15 a.m. · 9 views

CVE-2023-23630

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...

CVSS 8.6 · AI score 8.4 · EPSS 0.00404
Exploits 0 · References 3
Prion
added 2023/02/01 1:15 a.m. · 10 views

Design/Logic Flaw

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...

CVSS 5.8 · AI score 5.9 · EPSS 0.00404
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/02/01 12:38 a.m. · 9 views

CVE-2023-23630 Cross-site (XSS) vulnerability with Express API in Eta

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...

CVSS 8.6 · AI score 8.5 · EPSS 0.00404
Exploits 0 · References 3
OSV
added 2023/02/01 12:38 a.m. · 10 views

CVE-2023-23630 Cross-site (XSS) vulnerability with Express API in Eta

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...

CVSS 8.6 · AI score 6.6 · EPSS 0.00404
Exploits 0 · References 5
Vulnrichment
added 2023/02/01 12:38 a.m. · 4 views

CVE-2023-23630 Cross-site (XSS) vulnerability with Express API in Eta

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...

CVSS 8.6 · AI score 8.5 · EPSS 0.00404
Exploits 0 · References 3
CVE
added 2023/02/01 12:38 a.m. · 129 views

CVE-2023-23630

CVE-2023-23630 affects Eta, a JS templating engine used with Node/Express; the XSS vulnerability exists when user-supplied data is passed to res.render. Root cause is improper handling of input leading to script injection. The issue has been fixed in Eta v2.0.0. Workarounds include not passing us...

CVSS 8.6 · AI score 6.5 · EPSS 0.00404
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/01/31 10:39 p.m. · 20 views

GHSA-XRH7-M5PP-39R6 XSS Attack with Express API

Impact: XSS attack - anyone using the Express API is impacted. Patches: The problem has been resolved. Users should upgrade to version 2.0.0. Workarounds: Don't pass user supplied data directly to res.renderFile. References: Are there any links users can visit to find out more? See...

CVSS 8.6 · AI score 7.1 · EPSS 0.00404
Exploits 0 · References 5
Github Security Blog
added 2023/01/31 10:39 p.m. · 24 views

XSS Attack with Express API

Impact: XSS attack - anyone using the Express API is impacted. Patches: The problem has been resolved. Users should upgrade to version 2.0.0. Workarounds: Don't pass user supplied data directly to res.renderFile. References: Are there any links users can visit to find out more? See...

CVSS 8.6 · AI score 6.2 · EPSS 0.00404
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2023/01/31 12:00 a.m. · 4 views

PT-2023-19091 · Eta +1

Name of the Vulnerable Software and Affected Versions: Eta versions prior to 2.0.0. Description: The issue is related to an XSS attack that impacts anyone using the Express API. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents...

CVSS 8.6 · AI score 6.3 · EPSS 0.00404
Exploits 0 · References 8
OSV
added 2023/01/30 6:30 a.m. · 29 views

GHSA-MF6X-HRGR-658F Eta vulnerable to Code Injection via templates rendered with user-defined data

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 8.8 · AI score 8.6 · EPSS 0.19024
Exploits 0 · References 6
OSV
added 2020/06/03 6:15 p.m. · 2 views

CVE-2020-3267

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...

CVSS 7.1 · AI score 6.3 · EPSS 0.00329
Exploits 0 · References 1