12 matches found
EUVD-2022-46066
Malicious code in bioql PyPI...
CVE-2022-43017
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component...
The vulnerability of the indexFile component in the process management system of OpenCATS allows a hacker to perform cross-site scripting attacks.
The vulnerability of the indexFile component in the OpenCATS process management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
CVE-2022-42746
CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...
PT-2022-26536 · Candidats · Candidats
Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks, specifically on the...
CVE-2022-43017
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component...
CVE-2022-43017
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component...
Cross site scripting
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component...
OpenCats Cross-Site Scripting Vulnerability
OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats version v0.9.6, which originates from an attacker being able to implement reflective cross-site scripting using its indexFile component. Currently there is no detailed vulnerability detai...
CVE-2022-43017
OpenCATS v0.9.6 contains a reflected XSS vulnerability via the indexFile component. An attacker can inject arbitrary JavaScript in the victim’s browser, running in the site’s context and potentially exposing cookie-based credentials and enabling additional attacks. The issue arises from OpenCATS ...
CVE-2022-43017
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component...
Node.js third-party modules: `indexFile` option passed as an argument to node-server can lead to arbitrary file read
Hi Guys, I would like to report a Path Traversal vulnerability in indexFile parameter passed as an option to node-server. This vulnerability affects both CLI --indexFile and options.indexFile passed as an argument to Server.prototype.serveDir function in node-static.js Module module name: node-stati...