21 matches found
EUVD-2025-199141
Malicious code in ids-enterprise-typings npm...
MAL-2025-191109 Malicious code in ids-enterprise-typings (npm)
Source: amazon-inspector d8d2289786c3e4396ada63a5a2651f54fc6a55d011e2b5f8acccb8aa21b11cab The package ids-enterprise-typings was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191108 Malicious code in ids-enterprise-ng (npm)
Source: amazon-inspector 02ae15f729fa23d65989e0f3873d023de175ecf54bb2b230df46861c246bf7df The package ids-enterprise-ng was found to contain malicious code. Source: ghsa-malware...
Malicious code in ids-enterprise-ng (npm)
Source: amazon-inspector 02ae15f729fa23d65989e0f3873d023de175ecf54bb2b230df46861c246bf7df The package ids-enterprise-ng was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199142
Malicious code in ids-enterprise-ng npm...
MAL-2025-191107 Malicious code in ids-enterprise-mcp-server (npm)
Source: amazon-inspector 7eff48b53ace7d90fb4a9c05eb62e2e8e1b6540f5dd4058611b4aa8203057276 The package ids-enterprise-mcp-server was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199144
Malicious code in ids-enterprise-mcp-server npm...
Malicious code in ids-enterprise-mcp-server (npm)
Source: amazon-inspector 7eff48b53ace7d90fb4a9c05eb62e2e8e1b6540f5dd4058611b4aa8203057276 The package ids-enterprise-mcp-server was found to contain malicious code. Source: ghsa-malware...
@ids-sandbox/npm-test (>=0.0.1 <=0.0.6), ids-enterprise (>=4.67.0 <=4.68.6) +1 more potentially affected by unknown CVE via ids-css (=1.5.0)
ids-css NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on ids-css and may be impacted: - @ids-sandbox/npm-test =0.0.1, =4.67.0, =14.3.1, =17.2.1-dev.20240108 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191106...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
ids-enterprise-ng (>=4.7.0 <=9.5.2), sohoreact (>=1.0.0 <=1.0.3) potentially affected by unknown CVE via ids-enterprise (>=4.10.0-beta.0 <=4.18.1)
ids-enterprise NPM version =4.10.0-beta.0, =4.7.0, =1.0.0, =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-49R3-3H96-RWJ6...
Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The soho-dropdown component does not properly encode its output and may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later...
GHSA-49R3-3H96-RWJ6 Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The soho-dropdown component does not properly encode its output and may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later...
GHSA-HPFQ-8WX8-CGQW Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The modal component fails to sanitize input to the title attribute, which may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later...
ids-enterprise-ng (>=4.7.0 <=9.5.2), sohoreact (>=1.0.0 <=1.0.3) potentially affected by unknown CVE via ids-enterprise (>=4.10.0-beta.0 <=4.18.1)
ids-enterprise NPM version =4.10.0-beta.0, =4.7.0, =1.0.0, =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-HPFQ-8WX8-CGQW...
Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The modal component fails to sanitize input to the title attribute, which may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later...
GHSA-CRFX-5PHG-HMW9 Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). Script tags in the soho-autocomplete component are not properly encoded and may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later...
Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). Script tags in the soho-autocomplete component are not properly encoded and may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later...
ids-enterprise-ng (>=4.7.0 <=9.5.2), sohoreact (>=1.0.0 <=1.0.3) potentially affected by unknown CVE via ids-enterprise (>=4.10.0-beta.0 <=4.18.1)
ids-enterprise NPM version =4.10.0-beta.0, =4.7.0, =1.0.0, =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-CRFX-5PHG-HMW9...
Cross-Site Scripting
Overview: Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The modal component fails to sanitize input to the title attribute, which may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later. References: GitHub Issu...