EUVD-2019-0063

Malware in sbrugna...

CVE-2019-1020019

invenio-previewer before 1.0.0a12 allows XSS...

Cross-site Scripting (XSS)

invenio-previewer is vulnerable to cross-site scripting XSS. It does not escape the user-uploaded file and directly render the file in the JSON, Markdown and iPython Notebook previewers, allowing an attacker to inject arbitrary Javascript into a victim's browser using a malicious file...

CVE-2019-1020019

invenio-previewer before 1.0.0a12 allows XSS...

CVE-2019-1020019

invenio-previewer before 1.0.0a12 allows XSS...

PYSEC-2019-96

invenio-previewer before 1.0.0a12 allows XSS...

PYSEC-2019-26

invenio-previewer before 1.0.0a12 allows XSS...

Cross site scripting

invenio-previewer before 1.0.0a12 allows XSS...

PYSEC-2019-26

invenio-previewer before 1.0.0a12 allows XSS...

CVE-2019-1020019

CVE-2019-1020019 affects the Invenio-Previewer component. The connected documents confirm a cross-site scripting (XSS) vulnerability in invenio-previewer versions prior to 1.0.0a12, caused by insufficient validation of client-side data by the WEB application. Exploitation would enable injection o...

CVE-2019-1020019

invenio-previewer before 1.0.0a12 allows XSS...

GHSA-J9M2-6HQ2-4R3C Cross-site Scripting in invenio-previewer

Cross-Site Scripting XSS vulnerability in JSON, Markdown and iPython Notebook previewers Impact Several Cross-Site Scripting XSS vulnerabilities have been found in the JSON, Markdown and iPython Notebook previewers. The vulnerabilities would allow a malicous user to upload a JSON, Markdown or...

Cross-site Scripting in invenio-previewer

Cross-Site Scripting XSS vulnerability in JSON, Markdown and iPython Notebook previewers Impact Several Cross-Site Scripting XSS vulnerabilities have been found in the JSON, Markdown and iPython Notebook previewers. The vulnerabilities would allow a malicous user to upload a JSON, Markdown or...