MAL-2025-188028 Malicious code in meteor-meissa-airbnb-outercore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90614fd54ad4b93ad60971086709bbd736fc4d959596cc79df4ddb78e672937 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nabila-poke13 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dacd356e7109a6ef33614874f6e0caad2e3b882f23c60ab295c4f5ce72f360c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in arif-poke73 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 524e63af578745cf26b4295dc4eaf05d45e1983dede1910036d5d02e49f1fb35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ramadan-poke22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1b0048230f110e97c0e7d514c756b281b2d2281c758753877d1cb91f6a503d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143383 Malicious code in hugo-chromedriver-koa-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c47f5de9836cd70c00ea3485794cb4fec4e708979736fa89733fbc1bd82ba97a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cici-rujak46-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a54c7fbb7bec90363888e351b767562caff98f648eb0ce84654cec419f149d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2019-7643

Malware in sbrugna...

CVE-2019-17225

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue...

Subrion 4.2.1 - (Email) Persistant Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Title: Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting Author: Min Ko Ko Creatigon Vendor Homepage: https://subrion.org/ CVE : https://nvd.nist.gov/vuln/detail/CVE-2019-17225 Website : https://l33thacker.com Description : Allows XSS vi...

Subrion 4.2.1 Cross Site Scripting

Title: Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting Date: 2019-10-07 Author: Min Ko Ko Creatigon Vendor Homepage: https://subrion.org/ CVE : https://nvd.nist.gov/vuln/detail/CVE-2019-17225 Website : https://l33thacker.com Description : Allows XSS via the panel/members/ Username, Full...

Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting

Title: Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting Date: 2019-10-07 Author: Min Ko Ko Creatigon Vendor Homepage: https://subrion.org/ CVE : https://nvd.nist.gov/vuln/detail/CVE-2019-17225 Website : https://l33thacker.com Description : Allows XSS via the panel/members/ Username, Full...

CVE-2019-17225

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue...

Session fixation

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue...

CVE-2019-17225

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue...

Cross-Site Scripting (XSS)

Overview Affected versions of pivottable are vulnerable to cross-site scripting, due to a new mechanism used to render JSON elements. Recommendation Update to version 2.0.0 or later. References - PR 401 - GitHub Advisory...