34 matches found
EUVD-2016-1407
Malware in sbrugna...
EUVD-2011-0081
Malware in sbrugna...
Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update
The plugin has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user...
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...
GHSA-R96P-V3CR-GFV8 Cross-site Scripting (XSS) in @scullyio/scully
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...
Cross-site Scripting (XSS) in @scullyio/scully
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...
Cross-Site Scripting (XSS)
@scullyio/scully is vulnerable to cross-site scripting XSS. The transfer-state is serialized using JSON.stringify function and subsequently written into the HTML page without sanitization, allowing an attacker to inject arbitrary Javascript code in a user's browser...
CVE-2020-28470
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...
CVE-2020-28470 Cross-site Scripting (XSS)
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...
CVE-2020-28470
The CVE-2020-28470 entry affects @scullyio/scully (pre-1.0.9). The issue arises because the transfer state is serialized with JSON.stringify() and written into the HTML page, enabling potential Cross-Site Scripting (XSS) when untrusted data is rendered. The primary impacted component is Scully’s ...
Cross-Site Scripting (XSS)
devalue is vulnerable to cross-site scripting XSS attacks. A remote attacker is able to inject and execute arbitrary Javascript on a victim's browser due to the unsafe use of JSON.stringify in the stringifyPrimitive function...
GHSA-PGR8-JG6H-8GW6 Cross-Site Scripting in webpack-bundle-analyzer
Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify without properly escaping input which may lead to Cross-Site Scripting. Recommendation Upgrade to version 3.3.2 or later...
Cross-Site Scripting in webpack-bundle-analyzer
Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify without properly escaping input which may lead to Cross-Site Scripting. Recommendation Upgrade to version 3.3.2 or later...
Cross-Site Scripting
Overview Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify without properly escaping input which may lead to Cross-Site Scripting. Recommendation Upgrade to version 3.3.2 or later. References - GitHub PR - Snyk Report - GitH...
Foxit PDF Reader Javascript JSON.Stringify this.info Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Arrays, symbols, and realms
On Twitter, Allen Wirfs-Brock asked folks if they knew what Array.isArrayobj did, and the results suggested… no they don't. For what it's worth, I also got the answer wrong. Type-checking arrays function fooobj // … Let's say we wanted to do something specific if obj is an array. JSON.stringify i...
UBUNTU-CVE-2016-10222
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service segmentation violation and application crash via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function...
CVE-2016-10222
Removed by vendor...
Cross-site Scripting (XSS) Via Admin Dashboard
keystone is vulnerable to cross-site scripting XSS attacks. The user's input to the name field in the admin dashboard is not HTML escaped because the input is passed to JSON.stringify instead of doing proper serialization...
nodejs: multiple issues
CVE-2015-6764 V8 out-of-bounds access vulnerability: A bug was discovered in V8's implementation of JSON.stringify that can result in out-of-bounds reads on arrays. The patch was included in this week's update of Chrome Stable. While this bug is high severity for browsers, it is considered lower...