16 matches found
EUVD-2023-1170
Malicious code in bioql PyPI...
CVE-2023-28851
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...
GHSA-38H6-GMR2-J4WX Silverstripe Form Capture vulnerable to stored cross-site-scripting
Impact: Improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. Patches: The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge...
Silverstripe Form Capture vulnerable to stored cross-site-scripting
Impact: Improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. Patches: The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge...
CVE-2023-28851
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...
Cross site scripting
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...
CVE-2023-28851 Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...
CVE-2023-28851
CVE-2023-28851 affects Silverstripe Form Capture. The issue is improper escaping when presenting stored form submissions, enabling stored Cross-Site Scripting (XSS). Impacted versions start at 0.2.0 and are those prior to 1.0.2, 1.1.0, 2.2.5, and 3.1.1. The patch history is: initial fix in 1.0.2, patch in...
CVE-2023-28851 Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...
Silverstripe Form Capture cross-site scripting vulnerability
Silverstripe Form Capture, by the UK's Bigfork, provides a simple method for capturing Silverstripe forms and a user-friendly administration interface. A security vulnerability exists in Silverstripe Form Capture versions 0.2.0 to 0.2.3, 1.0.0 to 1.0.1, 2.0.0 to 2.2.4, and 3.0.0 to 3.1.0, the...
Malicious Package
grunt-radical contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
jekyll-for-github-projects contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
libubx contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
motiv.scss contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
react-datepicker-plus contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...