18 matches found
BIT-CODEIGNITER-2022-21647
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old() function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...
Malicious code in oj-form-helper (npm)
Source: ghsa-malware (08640301c07abb7a71bc12fb8175161185cb6ac67e0118f9f0e05ec591d5f30e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-650 Malicious code in oj-form-helper (npm)
Source: ghsa-malware (08640301c07abb7a71bc12fb8175161185cb6ac67e0118f9f0e05ec591d5f30e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2009-3009
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
Information Disclosure
foreman is vulnerable to information disclosure. The form helper does not authorize options for associated objects, allowing users to see the names of such objects...
CVE-2016-7077
Foreman before 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for associated objects. An unauthorized user can see the names of such objects if their count is less than 6...
Design/Logic Flaw
Foreman before 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for associated objects. An unauthorized user can see the names of such objects if their count is less than 6...
foreman: Foreman information leak through unauthorized multiple_checkboxes helper
Foreman before 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for associated objects. An unauthorized user can see the names of such objects if their count is less than 6...
Cross site scripting that affects rails
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
GHSA-8QRH-H9M2-5FVF Cross site scripting that affects rails
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
Cross site scripting that affects rails
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed an XSS vulnerability in Security Library method xss_clean(). Fixed a possible file inclusion vulnerability in Loader Library method vars(). Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used thanks to Pa...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
CVE-2009-3009
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
DEBIAN-CVE-2009-3009
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
CVE-2009-3009
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
CVE-2009-3009
Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, are affected by CVE-2009-3009 due to an input sanitization flaw in a form helper that can allow cross-site scripting via malformed Unicode strings. This is a known XSS vulnerability that could enable remote attackers to inject arbitrary scri...