EUVD-2024-3094
Malicious code in bioql PyPI...
GHSA-P8PC-3F7W-JR5Q Foundation Regular Expression Denial of Service vulnerability
Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available...
CVE-2020-26304 GHSL-2020-290: Regular Expression Denial of Service (ReDoS) in foundation-sites
Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available...
Cross-site Scripting
Overview: org.fujion.webjars:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary JavaScript code...
File upload vulnerability in H-ui.admin
H-ui front-end framework is a lightweight front-end framework. A file upload vulnerability exists in H-ui.admin, which can be exploited by attackers to gain control of a web server...
Bootstrap Cross-Site Scripting Vulnerability (CNVD-2018-13371)
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in the data-container attribute of tooltip in versions of Bootstrap prior to 4.1.2. A remote attacker can exploit this vulnerability to inject arbitrary web...
XSS in YXcmsApp leading to getshell
Brief description: XSS to the admin backend leading to getshell, a complete chain, though somewhat marginal. Detailed description: YXCMS is an enterprise-oriented content management system using three-level caching and an MVC architecture, open-sourced under the BSD license. After registering a user and going to the user management page, click Publish Information - Add Information; this turns out to be a rich text editor, kindeditor. Whatever the editor, once a user is given this much freedom, XSS is very likely to appear. Enter anything, capture the request, modify the content field, and write your XSS code, anything works. Done. The administrator can then see the article I submitted in the backend: and editing it triggers the XSS:...