CVE-2022-39350 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...
@skuhnow/directus (>=9.8.0 <=9.14.4) potentially affected by CVE-2022-39300 via node-saml (=4.0.0-beta.2)
node-saml NPM version =4.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-saml and may be impacted: - @skuhnow/directus >=9.8.0, <=9.14.4 Source cves: CVE-2022-39300 Source advisory: OSV:GHSA-5P8W-2MVW-38PV...
DEBIAN-CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-35923
v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the lowercase and uppercase regex which could lead to a denial of service attack. In testing of the lowercase function a payload of 'a' + 'a'.repeat(i) + 'A' wit...
CVE-2022-35923 Inefficient Regular Expression Complexity in v8n
v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the lowercase and uppercase regex which could lead to a denial of service attack. In testing of the lowercase function a payload of 'a' + 'a'.repeat(i) + 'A' wit...
shoutrrr Security Vulnerability
shoutrrr is a notification library based on JavaScript. A security vulnerability exists in shoutrrr prior to version 0.6.0, which stems from a Denial of Service (DoS) vulnerability in package github.com/containrrr/shoutrrrr/pkg/util prior to version 0.6.0 via the util.PartitionMessage function. T...
Ubuntu: Security Advisory (USN-5494-1)
The remote host is missing an update for the...
Ubuntu 22.04 LTS : SpiderMonkey JavaScript Library vulnerabilities (USN-5494-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5494-1 advisory. It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. A remote attacker could possibly use this issue to...
The vulnerability of the Node-tar module in the Node.js library allows a hacker to write any files or execute any code.
The vulnerability of the Node-tar module in the Node.js library is related to insufficient checking of the path name to the restricted access directory. Exploiting this vulnerability could allow an attacker to write arbitrary files or execute arbitrary code...
MicroStrategy Web SDK Cross-Site Scripting Vulnerability (CNVD-2022-77860)
MicroStrategy Web SDK is a JavaScript library from MicroStrategy, Inc. It interacts with different CARTO APIs to build custom applications on top of deck.gl that utilize vector rendering. MicroStrategy Web SDK version 10.11 and earlier versions contain a cross-site scripting vulnerability that...
stored XSS due to unsanitized anchor URL
BUG: stored XSS due to unsanitized anchor URL. SUMMARY: using fullpage.js you can create an anchor tag. But when you put an href in the anchor then it does not sanitize the URL, which allows breaking the context of the anchor element and adding our new element. I see main javascript or other javascript...
CVE-2022-24785
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...
Medialize URI.js Input Validation Error Vulnerability
Medialize URI.js is a JavaScript-based code library from the Medialize team that can be used to efficiently stitch together URLs. Medialize URI.js is vulnerable to an input validation error that originates from open redirects in medialize/uri.js. No detailed vulnerability details are available...
Medialize URI.js Security Vulnerability
Medialize URI.js is a JavaScript-based code library for efficient URL stitching from the Medialize team. correctly parsed. No details of the vulnerability are currently available...
Improper Input Validation
Overview url-js is a Simple URL parser, similar to DOM URL. Affected versions of this package are vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the...
UBUNTU-CVE-2022-0520
Use After Free in NPM radare2.js prior to 5.6.2...
Denial of Service (DoS)
Overview fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen. Affected versions of this package are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from...
CVE-2021-46507
Jsish v3.5.0 was discovered to contain a stack overflow via JsiLogMsg at src/jsiUtils.c...
Fedora: Security Advisory for js-jquery-ui (FEDORA-2021-ab38307fc3)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: js-jquery-ui-1.13.0-1.fc34
A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library...