16 matches found
EUVD-2018-2289
Malware in sbrugna...
React Router allows pre-render data spoofing on React-Router framework mode
Summary: After some research, it turns out that it's possible to modify pre-rendered data by adding a header to the request. This makes it possible to completely spoof its contents and modify all the values of the data object passed to the HTML. Latest versions are impacted. Details: The vulnerable header i...
PT-2025-9103 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: OpenCart versions prior to 4.1.0 Description: The issue allows an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in the "/account/register" API endpoint. Recommendations: For...
CVE-2024-39910 Cross-site scripting (XSS) in the decidim admin panel with QuillJS WYSIWYG editor
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSIWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to...
GHSA-VVQW-FQWX-MQMM Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSIWYG editor
Impact: The WYSIWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to if they know how to craft these requests themselves. Patches: N/A Workarounds: Review the user accounts tha...
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSIWYG editor
Impact: The WYSIWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to if they know how to craft these requests themselves. Patches: N/A Workarounds: Review the user accounts tha...
TSplus Security Vulnerability
TSplus is remote access software from TSplus. A security vulnerability exists in TSplus version 16.0.0.0, which originates from setting insecure file and folder permissions, which could allow a malicious user to manipulate the contents of a file e.g., change the code of an html page or...
Design/Logic Flaw
Origin Protocol is a blockchain-based project. The Origin Protocol project website allows malicious users to inject malicious JavaScript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...
Design/Logic Flaw
IBM Monitoring IBM Cloud APM 8.1.4 could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974...
Cross site scripting
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it...
CVE-2018-10213
Vaultize Enterprise File Sharing 17.05.31 is affected by a cross-site scripting (XSS) vulnerability in the invitation mail flow, where a recipient from a different user can modify HTML in the mail before sending it. This enables potential XSS payloads if trusted HTML is rendered by the recipient’...
Horos 2.1.0 Cross Site Scripting
Horos 2.1.0 Web Portal DOM Based XSS Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X...
Horos 2.1.0 Web Portal DOM Based XSS
Summary: Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description: Horos suffers from a DOM-based XSS vulnerabili...
Horos 2.1.0 Cross Site Scripting Vulnerability
Exploit for macOS platform in category dos / poc Horos 2.1.0 Web Portal DOM Based XSS Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."...
Using the split function to make ASP trojans such as "Marine Top" evade antivirus detection - vulnerability warning - the black bar safety net
We all know the "Marine Top" ASP trojan is very famous. But in fact few people really use it. The main reason is that it is so well known that antivirus software watches it very closely and has many signatures for it, so making it evade detection is very difficult. A few days ago, in the Black anti-of on see hack214...