
5053 matches found

NVD
added 2023/01/13 7:15 p.m. · 14 views

CVE-2023-22491

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1 CVSS · 8.2 AI score · 0.00309 EPSS
Exploits: 1 · References: 1

Prion
added 2023/01/13 7:15 p.m. · 15 views

Design/Logic Flaw

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

4.9 CVSS · 5.6 AI score · 0.00309 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2023/01/13 7:15 p.m. · 1 views

UBUNTU-CVE-2023-22491

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1 CVSS · 5.7 AI score · 0.00309 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2023/01/13 6:5 p.m. · 5 views

CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1 CVSS · 8.2 AI score · 0.00309 EPSS
Exploits: 1 · References: 1

OSV
added 2023/01/13 6:5 p.m. · 20 views

CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1 CVSS · 6.7 AI score · 0.00309 EPSS
Exploits: 1 · References: 3

CVE
added 2023/01/13 6:5 p.m. · 313 views

CVE-2023-22491

The CVE-2023-22491 entry concerns the Gatsby gatsby-transformer-remark plugin, affected in versions prior to 5.25.1 and 6.3.2. The vulnerability arises when the plugin passes input to gray-matter in data mode, allowing JavaScript injection in its default configuration if input is not sanitized; i...

8.1 CVSS · 6.4 AI score · 0.00309 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2023/01/13 6:5 p.m. · 19 views

CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1 CVSS · 8.4 AI score · 0.00309 EPSS
Exploits: 1 · References: 1

UbuntuCve
added 2023/01/13 12:0 a.m. · 25 views

CVE-2023-22491

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1 CVSS · 6.5 AI score · 0.00309 EPSS
Exploits: 1 · References: 1

OSV
added 2023/01/11 6:27 p.m. · 20 views

GHSA-7CH4-RR99-CQCW gatsby-transformer-remark has possible unsanitized JavaScript code injection

Impact: The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when...

8.1 CVSS · 6.7 AI score · 0.00309 EPSS
Exploits: 1 · References: 3

The Hacker News
added 2023/01/11 2:24 p.m. · 36 views

Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks

A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically...

1.7 AI score
Exploits: 0

Veracode
added 2023/01/10 4:11 p.m. · 16 views

Cross-Site Scripting (XSS)

node-json2html is vulnerable to Cross-Site scripting. The vulnerability exists in the apply function in json2html.js for the text attribute which allows an attacker to inject and execute arbitrary JavaScript...

6.1 CVSS · 3.2 AI score · 0.00301 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Veracode
added 2023/01/10 3:47 a.m. · 18 views

Cross-site Scripting (XSS)

inlinesvg is vulnerable to Cross-Site Scripting. The vulnerability exists because the placeholder function in helpers.rb does not properly escape the filename attribute before being rendered, allowing an attacker to inject and execute malicious JavaScript through a malicious SVG file...

6.1 CVSS · 6.1 AI score · 0.00661 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2023/01/09 9:15 p.m. · 1 views

CVE-2021-36603

Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1"...

6.1 CVSS · 5.9 AI score · 0.00296 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2023/01/09 12:0 a.m. · 9 views

CVE-2021-36603

Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1"...

6 AI score · 0.00296 EPSS
Exploits: 1 · References: 1

CNNVD
added 2023/01/09 12:0 a.m. · 2 views

Tasmota Cross-Site Scripting Vulnerability

Tasmota is a replacement firmware for the ESP8266 with easy configuration using the webUI, OTA updates, automation using timers or rules, scalability, and full local control over MQTT, HTTP, serial or KNX. A security vulnerability exists in Tasmota firmware version 6.5.0 that could allow a remote...

6.1 CVSS · 6.4 AI score · 0.00296 EPSS
Exploits: 1 · References: 2

CVE
added 2023/01/09 12:0 a.m. · 42 views

CVE-2021-36603

CVE-2021-36603 affects Tasmota firmware 6.5.0. An XSS flaw in the Friendly Name 1 field allows remote attackers to inject JavaScript via a crafted value, potentially compromising user browsers. Root cause: unsafe handling of user-supplied input in that field. Impact: described as XSS; no exploita...

6.1 CVSS · 5.9 AI score · 0.00296 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/01/09 12:0 a.m. · 3 views

PT-2023-12293 · Tasmota · Tasmota

Name of the Vulnerable Software and Affected Versions: Tasmota firmware version 6.5.0
Description: The issue allows remote attackers to inject JavaScript code via a crafted string in the Friendly Name 1 field. This enables Cross Site Scripting (XSS) attacks.
Recommendations: For Tasmota firmware...

6.1 CVSS · 6 AI score · 0.00296 EPSS
Exploits: 1 · References: 3

Vulnrichment
added 2023/01/06 12:0 a.m. · 5 views

CVE-2022-45911

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not ge...

6.1 AI score · 0.00915 EPSS
Exploits: 0 · References: 2

CNNVD
added 2023/01/06 12:0 a.m. · 2 views

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server (ZCS) is a suite of email and collaboration solutions from Zimbra, USA. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server (ZCS) version 9.0, which stems from ...

6.1 CVSS · 6.2 AI score · 0.00915 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/01/06 12:0 a.m. · 2 views

PT-2023-14792 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) version 9.0
Description: An issue was discovered in the Classic UI login page where XSS can occur by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which...

6.1 CVSS · 6 AI score · 0.00915 EPSS
Exploits: 0 · References: 7