
227 matches found

SUSE CVE
added 2023/02/15 6:3 a.m. | 1 views

SUSE CVE-2009-2664

The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE:...

5 CVSS | 9 AI score | 0.03012 EPSS
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:27 a.m. | 1 views

SUSE CVE-2014-5274

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js...

3.5 CVSS | 5.8 AI score | 0.00219 EPSS
Exploits 1 | References 4
SUSE CVE
added 2023/02/15 5:26 a.m. | 2 views

SUSE CVE-2014-7192

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...

10 CVSS | 8.1 AI score | 0.42574 EPSS
Exploits 1 | References 3
Vulnrichment
added 2023/02/03 12:0 a.m. | 6 views

CVE-2021-36535

Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf...

7.2 AI score | 0.00133 EPSS
Exploits 1 | References 1
CNNVD
added 2023/01/15 12:0 a.m. | 1 views

console cross-site scripting vulnerability

console is a software application. tokio-console prototype A cross-site scripting vulnerability exists in console, which stems from some unknown functionality in the file horizon/static/horizon/js/horizon.instances.js that is manipulated to cause cross-site scripting...

5.4 CVSS | 4.1 AI score | 0.00245 EPSS
Exploits 0 | References 4
CNNVD
added 2023/01/07 12:0 a.m. | 4 views

memos cross-site scripting vulnerability

memos is an open source hosted memos center with knowledge management and social features. Versions of memos prior to 0.10.0 suffer from a cross-site scripting vulnerability that stems from the fact that its resource upload feature does not restrict the type of file that can be uploaded leading t...

7.6 CVSS | 6.2 AI score | 0.0025 EPSS
Exploits 1 | References 3
CNNVD
added 2023/01/04 12:0 a.m. | 2 views

coebot-www cross-site scripting vulnerability

coebot-www is a web interface for CoeBot by Hayden Schiff, an individual developer. A cross-site scripting vulnerability exists in coebot-www, which stems from the functions displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoi in the...

6.1 CVSS | 4.2 AI score | 0.0025 EPSS
Exploits 0 | References 4
Huntr
added 2022/12/23 3:56 p.m. | 19 views

CSP passby via js file

Description: Hi, Maintainer. You submitted a fix in the latest version 0.9.0 with commit c07b4a. But after many tests, I found that this is still not 100% safe. You have set a very simple CSP, which can be bypassed. Video link link...

4.9 CVSS | 5.6 AI score | 0.00213 EPSS
Exploits 1
Debian CVE
added 2022/12/22 12:0 a.m. | 34 views

CVE-2022-34475

SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

6.1 CVSS | 7.9 AI score | 0.00679 EPSS
Exploits 0
OSV
added 2022/12/14 9:15 a.m. | 1 views

CVE-2022-3073

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...

6.1 CVSS | 5.9 AI score
Exploits 0 | References 1
Veracode
added 2022/12/05 6:9 p.m. | 19 views

Remote Code Execution (RCE)

mujs is vulnerable to remote code execution. The vulnerability exists due to the logical issue in the O_getOwnPropertyDescriptor function, allowing an attacker to inject and execute malicious code through memory corruption via the loading of a crafted JavaScript file...

8.8 CVSS | 8.9 AI score | 0.02932 EPSS
Exploits 1 | References 7 | Affected Software 1
OSV
added 2022/11/23 9:15 p.m. | 23 views

CVE-2022-44789

A logical issue in O_getOwnPropertyDescriptor in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file...

8.8 CVSS | 8.7 AI score | 0.02932 EPSS
Exploits 1 | References 5
NVD
added 2022/11/23 9:15 p.m. | 18 views

CVE-2022-44789

A logical issue in O_getOwnPropertyDescriptor in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file...

8.8 CVSS | 0.02932 EPSS
Exploits 1 | References 5
AlpineLinux
added 2022/11/23 9:15 p.m. | 31 views

CVE-2022-44789

A logical issue in O_getOwnPropertyDescriptor in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file...

8.8 CVSS | 5.8 AI score | 0.02932 EPSS
Exploits 1
Prion
added 2022/11/23 9:15 p.m. | 17 views

Memory corruption

A logical issue in O_getOwnPropertyDescriptor in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file...

6.8 CVSS | 8.6 AI score | 0.02932 EPSS
Exploits 1 | References 5 | Affected Software 3
Debian CVE
added 2022/11/23 12:0 a.m. | 19 views

CVE-2022-44789

A logical issue in O_getOwnPropertyDescriptor in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file...

8.8 CVSS | 8.1 AI score | 0.02932 EPSS
Exploits 1
OSV
added 2022/09/16 12:0 a.m. | 1 views

GHSA-7F3X-2WCX-HWW8 steal vulnerable to Regular Expression Denial of Service via input variable

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal via the input variable in main.js...

7.5 CVSS | 7 AI score | 0.00367 EPSS
Exploits 0 | References 5
ATTACKERKB
added 2022/07/13 11:59 a.m. | 0 views

CVE-2022-30622

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...

7.3 CVSS | 5.9 AI score | 0.0003 EPSS
Exploits 0 | References 2 | Affected Software 1
UbuntuCve
added 2022/07/05 12:0 a.m. | 26 views

CVE-2022-34475

SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

6.1 CVSS | 6.8 AI score | 0.00679 EPSS
Exploits 0 | References 3
Hacker One
added 2022/06/25 5:13 p.m. | 19 views

Stripo Inc: Non-revoked API Key Information disclosure via Stripo_report()

Talking about 983331 reports where a security researcher reported secret API key leakage vulnerability in a JavaScript file at Stripo. This report is disclosed on HackerOne, and the team at Stripo have forgotten to blur the API keys from the report before disclosing it to the public. The API keys...

6.7 AI score
Exploits 0