11 matches found
HSEC-2023-0008 Stored XSS in hledger-web
Stored XSS in hledger-web. An issue was discovered in hledger-web 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...
EUVD-2021-33538
Malicious code in bioql PyPI...
SUSE CVE-2021-46888
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...
CVE-2021-46888
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...
CVE-2021-46888
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...
Cross site scripting
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...
PT-2023-12608
Name of the Vulnerable Software and Affected Versions: hledger versions prior to 1.23; hledger-web versions prior to 1.23. Description: A Stored Cross-Site Scripting (XSS) issue exists in the toBloodhoundJson function, allowing an attacker to execute JavaScript by encoding user-controlled values in a...
CVE-2021-46888
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...
CVE-2021-46888
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...
hledger cross-site scripting vulnerability
hledger is a powerful, fast and intuitive open source plain text accounting tool with CLI, TUI and Web interfaces. A security vulnerability exists in hledger versions prior to 1.23 that stems from a problem in toBloodhoundJson that allows an attacker to execute JavaScript by encoding...
CVE-2021-46888
The connected OSV entry confirms a Stored XSS in hledger-web (pre-1.23) via toBloodhoundJson that can execute JavaScript when user-controlled data is base64-encoded and parsed with atob. Affected software includes hledger and especially hledger-web prior to version 1.23. Impact is client-side scr...