EUVD-2024-2670

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-43370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This...

CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

GHSA-G974-HXVM-X689 node-gettext vulnerable to Prototype Pollution

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...

CVE-2024-21528

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...

CVE-2024-21528

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...

Cross-Site Scripting

gettext.js is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input sanitization in the parsing of .po dictionary definition files, allowing malicious code injection. Attackers can craft malicious .po files containing JavaScript code, which, when loaded and processed by...

CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

DEBIAN-CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

UBUNTU-CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

gettext.js has a Cross-site Scripting injection

Impact Possible vulnerability to XSS injection if .po dictionary definition files is corrupted Patches Update gettext.js to 2.0.3 Workarounds Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms...

@superdesk/build-tools (>=1.0.0 <=2.0.1), @ucp-npm/components (>=0.0.4-beta <=0.0.19-beta) +5 more potentially affected by CVE-2024-43370 via gettext.js (>=0.5.5 <=1.2.0)

gettext.js NPM version =0.5.5, =1.0.0, =0.0.4-beta, =1.0.0, =1.0.1, =1.0.0, =0.0.6, =0.0.12 - gettext.js-po-loader =0.0.2 Source cves: CVE-2024-43370 Source advisory: OSV:GHSA-VWHG-JWR4-VXGG...

GHSA-VWHG-JWR4-VXGG gettext.js has a Cross-site Scripting injection

Impact Possible vulnerability to XSS injection if .po dictionary definition files is corrupted Patches Update gettext.js to 2.0.3 Workarounds Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms...

Cross-Site Scripting (XSS)

angular-gettext is vulnerable to cross-site scripting. interpolationContext is passed to getString or getPlural functions in dist/angular-gettext.js and src/directive.js, which allows attackers to inject arbitrary Javascript code into a victim's browser when the attribute...