Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/04/13 9:30 p.m.11 views

DbGate has cross site scripting via the SVG Icon String Handler component

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/04/13 9:16 p.m.8 views

CVE-2026-6216

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

5.1CVSS0.00191EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/13 8:15 p.m.24 views

CVE-2026-6216 DbGate SVG Icon String FontIcon.svelte cross site scripting

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

5.1CVSS0.00191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.11 views

PT-2026-32518

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References7
OSV
OSV
added 2025/07/15 1:9 a.m.4 views

MAL-2025-5881 Malicious code in @vapc-ui/font-icon (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd90c9c485b4d7e6b450d510ae8e7196fc5ad78f7d4f397267056dace122ab38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2021/05/14 12:15 p.m.4 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.8CVSS5.9AI score
Exploits0References3
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.16 views

WordPress plugin 代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A code issue vulnerability exists in Kaswara Modern VC...

9.8CVSS5.9AI score0.4214EPSS
Exploits3References6
Rows per page
Query Builder