Lucene search

78 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-0205

Malware in sbrugna...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.00321
Exploits: 1 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2015-5574

Malware in sbrugna...

CVSS: 3.5 | AI score: 6.1 | EPSS: 0.00968
Exploits: 1 | References: 16

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-5527

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.0033
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-2458

Malicious code in bioql PyPI...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00298
Exploits: 2 | References: 4

Snyk
added 2025/08/19 3:33 p.m. | 0 views

Cross-site Scripting (XSS)

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HTML form element on the Form Trigger node. An authenticated attacker can execute arbitrary JavaScript code in the context of authenticated users by injecting...

CVSS: 8.7 | AI score: 5.5 | EPSS: 0.0003
Exploits: 0 | References: 2

OSV
added 2025/07/23 5:10 p.m. | 4 views

DRUPAL-CONTRIB-2025-092

This module allows you to manage video media items using the COOKiES module disabling external video elements. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attributes to "src" when their value might...

CVSS: 7.6 | AI score: 6.7 | EPSS: 0.00065
Exploits: 0 | References: 1

Drupal
added 2025/07/23 12:0 a.m. | 11 views

COOKiES Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-092

This module allows you to manage video media items using the COOKiES module disabling external video elements. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attributes to "src" when their value might...

CVSS: 7.6 | AI score: 6.8 | EPSS: 0.00065
Exploits: 0 | References: 2

Github Security Blog
added 2025/07/03 4:59 p.m. | 6 views

tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript

A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element such as: it could clobber the document.currentScript property. This causes the script to resolve incorrectly...

CVSS: 4.2 | AI score: 6.2 | EPSS: 0.00087
Exploits: 1 | References: 4 | Affected Software: 1

Drupal
added 2025/05/28 12:0 a.m. | 9 views

COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-075

This module provides a format filter, which allows you to "disable" certain HTML elements e.g. remove their src attribute specified by the user. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attribute...

CVSS: 8.6 | AI score: 6.3 | EPSS: 0.00395
Exploits: 0 | References: 2

RedhatCVE
added 2025/03/05 12:56 a.m. | 2 views

CVE-2024-53388

A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.0033
Exploits: 1 | References: 1

OSV
added 2025/03/03 5:15 p.m. | 1 views

CVE-2024-53387

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element...

CVSS: 8.8 | AI score: 7
Exploits: 0 | References: 1

NVD
added 2025/03/03 5:15 p.m. | 3 views

CVE-2024-53387

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element...

CVSS: 8.8 | EPSS: 0.00303
Exploits: 1 | References: 1

OSV
added 2025/03/03 5:15 p.m. | 0 views

CVE-2024-53388

A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element...

CVSS: 8.8 | AI score: 6.1
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/03 12:0 a.m. | 5 views

CVE-2024-53387

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element...

AI score: 7.2 | EPSS: 0.00303
Exploits: 1 | References: 1

CVE
added 2025/03/03 12:0 a.m. | 42 views

CVE-2024-53388

The CVE-2024-53388 entry describes a DOM Clobbering vulnerability in the Mavo project, specifically version v0.3.2, where an attacker can cause arbitrary code execution by supplying a crafted HTML element. This is corroborated across multiple connected records (Red Hat, GitHub GHSA advisory, OSV,...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.0033
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/03 12:0 a.m. | 6 views

CVE-2024-53388

A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element...

EPSS: 0.0033
Exploits: 1 | References: 1

CVE
added 2025/03/03 12:0 a.m. | 42 views

CVE-2024-53387

CVE-2024-53387 affects umeditor v1.2.3 and is described as a DOM Clobbering vulnerability that allows arbitrary code execution via a crafted HTML element. The root cause is a DOM clobber issue in the editor component; exploitation requires user interaction (per CVSS vector). Impact is high (C/H/I...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.00303
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/03 12:0 a.m. | 9 views

CVE-2024-53387

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element...

EPSS: 0.00303
Exploits: 1 | References: 1

OSV
added 2024/10/01 3:26 p.m. | 8 views

CVE-2024-47604 XSS vulnerability in NuGetGallery HTML attributes handling

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser...

CVSS: 8.2 | AI score: 7.4 | EPSS: 0.00506
Exploits: 0 | References: 5

Github Security Blog
added 2024/09/17 7:28 p.m. | 144 views

Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS

Summary: We discovered a DOM Clobbering vulnerability in Vite when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements, e.g., an img tag with an unsanitized name...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00256
Exploits: 0 | References: 12 | Affected Software: 1