MAL-2026-2414 Malicious code in ftapi-core (npm)

Multiple suspicious behaviors: hex obfuscation, code execution via constructor, process access, install script, and suspicious author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a78a31e9e0e51a5531ac61b714695aa1af1ac1379233e78623ac3ed63285f6c The...

Malicious code in ftapi-core (npm)

Multiple suspicious behaviors: hex obfuscation, code execution via constructor, process access, install script, and suspicious author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a78a31e9e0e51a5531ac61b714695aa1af1ac1379233e78623ac3ed63285f6c The...

EUVD-2021-12188

Malware in sbrugna...

EUVD-2021-12189

Malware in sbrugna...

Malicious code in @ftapi/components (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 465d533e4d5739006fe746ab80f7ca366926e9c7fa2a5d063a1a2c6a2b1cfb9c The OpenSSF Package Analysis project identified '@ftapi/components' @...

MAL-2025-5004 Malicious code in @ftapi/components (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 465d533e4d5739006fe746ab80f7ca366926e9c7fa2a5d063a1a2c6a2b1cfb9c The OpenSSF Package Analysis project identified '@ftapi/components' @...

CVE-2021-25278

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...

FTAPI Cross-Site Scripting Vulnerability

FTAPI is an end-to-end encrypted file transfer and data room solution with unlimited file size. A cross-site scripting vulnerability exists in the "Background Image" upload function in the "Submit Box Template Editor" in FTAPI 4.0 - 4.10. An attacker can exploit this vulnerability by uploading an...

CVE-2021-25277

FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component...

CVE-2021-25278

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...

CVE-2021-25277

FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component...

Session fixation

FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component...

Design/Logic Flaw

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...

CVE-2021-25278

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...

CVE-2021-25278

The FTAPI vulnerability CVE-2021-25278 affects FTAPI versions 4.0–4.10 and is a cross-site scripting flaw in the Background Image upload feature of the Submit Box Template Editor. An attacker can exploit the issue by uploading an SVG file containing embedded JavaScript, which may compromise a vic...

CVE-2021-25277

FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component...

CVE-2021-25277

CVE-2021-25277 affects FTAPI versions 4.0–4.10. The issue is a cross-site scripting (XSS) vulnerability triggered by a crafted filename that is processed in the file submission component’s alternative text hover box. The root cause is improper handling of filename input in the hover text renderin...