7 matches found
PT-2026-32986
Hackage package and doc upload stored XSS vulnerability. Author: Fraser Tweedale, Haskell SRT. Executive summary: A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served...
EUVD-2021-16438
Malware in sbrugna...
CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true, which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...
CVE-2024-34342
This CVE affects the react-pdf library (PDF.js integration). When PDF.js loads a malicious PDF and isEvalSupported is true (default), attacker-controlled JavaScript can run in the hosting domain’s context. The vulnerability is fixed in PDF.js when updated to versions 7.7.3 or 8.0.2, and react-pdf...
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
Impact: If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true, which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches: The patch removes the use of eval:...
Insecure Sharing of HTML/JS Files in Hubs Cloud Reticulum — Mozilla
Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow JavaScript execution in the Hubs Cloud instance’s primary hosting domain...
Unfixed XSS vulnerability at www.cheap-hosting-domain.com
Security researcher KaBuS submitted, on 05/03/2007, a cross-site scripting (XSS) vulnerability affecting www.cheap-hosting-domain.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/03/2007. It is...