655 matches found
0x-assert (>=0.0.2 <=0.0.3), 0xauth (>=0.0.5 <=0.1.0) +8686 more potentially affected by CVE-2023-46233 via crypto-js (>=3.1.2-1 <=4.1.1)
crypto-js NPM version =3.1.2-1, =0.0.2, =0.0.5, =1.0.0, =1.0.0, =1.34.1, =0.1.0, =4.11.2, =0.0.1, =3.3.9, =3.10.1, =0.0.16-0.1, =0.0.4, =0.0.7 and more Source cves: CVE-2023-46233 Source advisory: OSV:GHSA-XWCQ-PM8M-C4VF...
PT-2023-29465 · Real Time Automation · Real Time Automation 460 Series
Name of the Vulnerable Software and Affected Versions: Real Time Automation 460 Series products versions prior to 8.9.8 Description: The issue allows an attacker to run any JavaScript reference from the URL string, which could lead to a cross-site scripting attack. If this occurs, the gateway's...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 16.x, 18.x, and 20.x: the policy mechanism can be bypassed through Module.load when it is given a module that lies outside the policy.json definition...
CVE-2023-22595
CVE-2023-22595 affects IBM B2B Advanced Communications (1.0.0.x) and IBM Multi-Enterprise Integration Gateway (1.0.0.1). A cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure in a trusted session. Remediation: apply fix pack...
7niu-webpack-plugin (=0.1.0), @a-brands/backend (>=1.0.0 <=1.0.4) +1172 more potentially affected by CVE-2020-26302 via is_js (>=0.2.1 <=0.9.0)
isjs NPM version =0.2.1, =1.0.0, =0.4.0-alpha.1, =0.1.0-beta.15, =0.3.0-beta.18, =0.1.0-alpha.4d9cf8a2, =1.0.1, =0.1.0, =1.0.5, =1.0.0, =3.10.1, =3.13.2 and more Source cves: CVE-2020-26302 Source advisory: OSV:GHSA-PVRW-G6FX-MCX2...
CVE-2023-28394
Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well...
PT-2023-12346 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1 through 11.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
PT-2023-16946 · Amazon +1 · Amazon Fire Tv Stick +1
Name of the Vulnerable Software and Affected Versions: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5 Insignia TV with FireOS versions prior to 7.6.3.3 Description: The issue is related to the setMediaSource function on the amzn.thin.pl service, which does not properly sanitize the source...
CVE-2022-37386
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-44875
KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code...
PT-2023-13444 · Ibm · Ibm Maximo Application Suite +1
Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management versions 7.6.1.1 through 7.6.1.3 IBM Maximo Application Suite versions 8.8 through 8.9 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and...
SUSE CVE-2008-5715
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU...
SUSE CVE-2011-2991
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary...
SUSE CVE-2013-0750
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary...
SUSE CVE-2014-7204
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file...
SUSE CVE-2018-5178
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR 52.8, Thunderbird 52.8, and...
SUSE CVE-2022-21597
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaScript. Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
CVE-2023-23942 Self reflected HTML injection in Desktop client
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on QML labels, which are used for basic HTML elements such as strong, em and headlines in the UI of the desktop client. The lack of sanitisation...
nodejs-moment: Regular expression denial of service
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
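The entry above describes a regular expression denial of service triggered by a crafted date string. As an added example that is not moment's own code, the block below contrasts the regex shape that causes catastrophic backtracking (a nested quantifier fed a near-miss input) with a date parser whose pattern has one fixed shape per field, is guarded by a length cap before the regex runs, and then checks the calendar validity the pattern alone cannot express. The regexes, the `parseIsoDate` function and the sample inputs are constructed for illustration.

```javascript
// Added example (not moment's parser): ReDoS-resistant date parsing.

// Nested quantifiers such as (\d+)+ force the engine to try every way of
// splitting the digits before giving up on a near-miss like "1111...1!".
// The work grows roughly as 2^n in the input length: this is the shape to avoid.
const NESTED_QUANTIFIER = /^(\d+)+$/;

// Each field has a fixed, non-overlapping shape, so the engine matches or
// fails in a single left-to-right pass with no re-splitting of the input.
const ISO_DATE = /^(\d{4})-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$/;

// "YYYY-MM-DD" is 10 characters; anything longer is rejected before any regex runs.
const MAX_DATE_LENGTH = 10;

function parseIsoDate(input) {
  if (typeof input !== 'string' || input.length > MAX_DATE_LENGTH) return null;
  const m = ISO_DATE.exec(input);
  if (!m) return null;
  const year = Number(m[1]);
  const month = Number(m[2]);
  const day = Number(m[3]);
  // The pattern accepts e.g. 2023-02-30; round-trip through Date to reject
  // days that do not exist in that month.
  const d = new Date(Date.UTC(year, month - 1, day));
  if (d.getUTCFullYear() !== year || d.getUTCMonth() !== month - 1 || d.getUTCDate() !== day) {
    return null;
  }
  return { year, month, day };
}

// Time a single regex test; returns the result and elapsed microseconds.
function timeMatch(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const micros = Number((process.hrtime.bigint() - start) / 1000n);
  return { matched, micros };
}

// Show the growth: the nested-quantifier pattern slows down as n rises,
// the fixed-shape pattern fails immediately regardless of n.
function demo() {
  const rows = [];
  for (const n of [8, 12, 16, 20]) {
    const nearMiss = '1'.repeat(n) + '!'; // constructed near-miss input
    rows.push({ n, nested: timeMatch(NESTED_QUANTIFIER, nearMiss).micros,
                   iso: timeMatch(ISO_DATE, nearMiss).micros });
  }
  console.table(rows);
  return rows;
}

demo();
```

Replace `'1'.repeat(n) + '!'` with longer inputs only on a machine you can afford to stall; the point of the length cap in `parseIsoDate` is that such an input never reaches the regex in the first place.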
CVE-2022-39813
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/jsecuritycheck via the jusername parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...
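Several entries on this page (Real Time Automation 460 Series, IBM B2B Advanced Communications, IBM Cognos Analytics, IBM Maximo, Italtel NetMatch-S) describe the same class of flaw: a request parameter is reflected into a web UI without encoding, so arbitrary JavaScript runs in the victim's session. The block below is an added example, not code from any of those products: a hypothetical login-page renderer that reflects a `jusername` query parameter (the parameter name is borrowed from the Italtel entry; the handler, the page layout and the sample request are constructed for illustration) in its vulnerable form and with context-appropriate HTML escaping applied.

```javascript
// Added example (not any vendor's code): reflected XSS and its fix.

// The five characters that can break out of HTML text or a double-quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Escape for the HTML text and double-quoted attribute contexts only;
// URL, JavaScript and CSS contexts need their own encoders.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable: the parameter is concatenated into the page exactly as received.
function renderLoginVulnerable(username) {
  return `<form method="post">` +
         `<input name="jusername" value="${username}">` +
         `<p>Welcome back, ${username}</p></form>`;
}

// Hardened: every untrusted value is escaped for the context it lands in.
function renderLoginSafe(username) {
  const u = escapeHtml(username);
  return `<form method="post">` +
         `<input name="jusername" value="${u}">` +
         `<p>Welcome back, ${u}</p></form>`;
}

// Pull the reflected parameter out of the request URL as a handler would.
function usernameFromRequestUrl(rawUrl) {
  return new URL(rawUrl, 'http://localhost').searchParams.get('jusername') || '';
}

// Crude check used by the demo: did an unescaped <script> tag reach the page?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample request (not a real capture); the payload closes the
// value attribute and injects a script element.
const SAMPLE_REQUEST =
  'http://gateway.example/jsecuritycheck?jusername=%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E';

function demo() {
  const username = usernameFromRequestUrl(SAMPLE_REQUEST);
  const result = {
    vulnerableExecutes: containsScriptTag(renderLoginVulnerable(username)),
    safeExecutes: containsScriptTag(renderLoginSafe(username)),
  };
  console.log(renderLoginVulnerable(username));
  console.log(renderLoginSafe(username));
  console.log(result);
  return result;
}

demo();
```

Escaping on output is the fix; a `Content-Security-Policy` header that disallows inline script is a worthwhile second layer, but it does not remove the need to encode reflected values for the context they are written into.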