EUVD-2019-0064

Malware in sbrugna...

CVE-2019-1020003

invenio-records before 1.2.2 allows XSS...

Invenio-records Cross-Site Scripting Vulnerability

invenio-records is a metadata storage module. A cross-site scripting vulnerability exists in versions of invenio-records prior to 1.2.2. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute...

Cross-site Scripting (XSS)

invenio-records is vulnerable to cross-site scripting XSS. When an admin user views a new record uploaded by a user with permission to upload in the admin interface, it directly renders JSON output for the new record, allowing the user to inject and render any arbitrary malicious script to render...

CVE-2019-1020003

invenio-records before 1.2.2 allows XSS...

CVE-2019-1020003

invenio-records before 1.2.2 allows XSS...

PYSEC-2019-27

invenio-records before 1.2.2 allows XSS...

PYSEC-2019-27

invenio-records before 1.2.2 allows XSS...

PYSEC-2019-97

invenio-records before 1.2.2 allows XSS...

Cross site scripting

invenio-records before 1.2.2 allows XSS...

CVE-2019-1020003

invenio-records before 1.2.2 allows XSS...

CVE-2019-1020003

CVE-2019-1020003 affects invenio-records (before 1.2.2), a metadata storage module. The root cause is lack of proper validation of client-side data by the WEB application, leading to cross-site scripting (XSS) (per CNVD/OSV/NVD entries and vendor advisories). Impact is that an attacker can execut...

GHSA-VXH3-MVV7-265J Cross-site scripting invenio-records

Cross-Site Scripting XSS vulnerability in administration interface Impact A Cross-Site Scripting XSS vulnerability was discovered when rendering JSON for a record in the administration interface. The vulnerability could be exploited by e.g. a user who had access to upload a new record, that an...