18 matches found
CVE-2019-12047
Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "...
EUVD-2019-3701
Malware in sbrugna...
EUVD-2022-43572
Malicious code in bioql PyPI...
CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...
CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...
CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...
Code injection
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...
CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...
CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...
CVE-2022-40274
CVE-2022-40274 affects Gridea 0.9.3. The root cause is the application running with nodeIntegration enabled, allowing an attacker to remotely execute arbitrary code when a user views a malicious Markdown file. Impact is described as high in multiple sources. The documentation does not indicate a ...
PT-2022-25313 · Gridea · Gridea
Name of the Vulnerable Software and Affected Versions: Gridea version 0.9.3 Description: The issue allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the...
Gridea 安全漏洞
Gridea is a personal blog editing client program. A security vulnerability exists in Gridea version 0.9.3. An attacker can exploit this vulnerability to remotely execute arbitrary code...
XSS vulnerability in Gridea
Gridea is a static blog writing client. An XSS vulnerability exists in Gridea, which can be exploited by an attacker to execute a malicious script and obtain an administrator cookie...
CVE-2019-12047
Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "img src= onerror='evalnew Buffer" substring...
CVE-2019-12047
Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "img src= onerror='evalnew Buffer" substring...
Design/Logic Flaw
Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "img src= onerror='evalnew Buffer" substring...
CVE-2019-12047
CVE-2019-12047 affects Gridea v0.8.0 with an XSS flaw that allows an attacker to trigger arbitrary code execution by invoking a Node.js module (e.g., via child_process.exec) from crafted input, demonstrated by an onerror payload. The issue is caused by insufficient input sanitization leading to ...
CVE-2019-12047
Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "img src= onerror='evalnew Buffer" substring...