Prototype Pollution

js-ini is vulnerable to prototype pollution. The vulnerability exists in parse function in index.ts and parse.ts due to lack of validations which allows an attacker to send malicious INI files on the application to cause a pollution on prototype...

Path Traversal

gogs.io/gogs is vulnerable to path traversal. The vulnerability exists in Clean function in pathutil.go due to lack of validations which allows a malicious attacker to delete and upload arbitrary files...

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scriptingXSS attacks. A remote attacker is able to inject and execute malicious javascript via the description of a new module due to the lack of validations...

Remote Code Execution

github.com/gogs/gogs is vulnerable to remote code execution. Lack of proper validations in UploadRepoFiles function allow remote attackers to upload and execute malicious code on the system...

Code injection

In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/formpersonalization/jsonfp.php...