
4 matches found

OSV
added 2025/03/13 6:32 p.m., 6 views

GHSA-HM54-FG2W-2G6J MODX allows cross-site scripting (XSS) via an SVG file

A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which is executed in victims' browsers when they view the profile image...

CVSS 5.4 | AI score 5.5 | EPSS 0.00189
Exploits: 1 | References: 3
Vulnrichment
added 2024/01/19 7:43 p.m., 1 view

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for JavaScript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

CVSS 7.5 | AI score 7 | EPSS 0.00479
Exploits: 1 | References: 3
CNNVD
added 2023/07/23 12:0 a.m., 3 views

mooSocial mooDating cross-site scripting vulnerability

mooSocial mooDating is a dating application from mooSocial. A cross-site scripting (XSS) vulnerability exists in mooSocial mooDating version 1.2, which stems from a cross-site scripting (XSS) vulnerability in files/users...

CVSS 6.1 | AI score 4.7 | EPSS 0.09919
Exploits: 4 | References: 4
NVD
added 2019/10/23 1:15 p.m., 8 views

CVE-2019-10467

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5 | AI score 6.4 | EPSS 0.00047
Exploits: 0 | References: 2