Malicious code in tricks_updated_xbox_unlimited_giftcards__generator_for_free-rpk9 (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2022-34776

Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs, has in its URL one or more MongoDB ID which is not...

CVE-2022-34776

The CVE-2022-34776 entry concerns the Tabit giftcard system, where several web APIs expose sensitive user data without authorization. Affected component is the web API layer that returns health statements, prior bills for a restaurant, and drinking/smoking habits, with each API URL including Mong...

CVE-2020-35627

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image...

CVE-2020-35627

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image...

Giftcard Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since November 2013 I reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn't a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities. But what I...