
13 matches found

Veracode
added 2025/12/29 9:51 a.m., 3 views

Cross-site Scripting (XSS)

ibexa/admin-ui is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing within the back office, which allows an attacker with editor or administrator-level permissions to...

5.7 AI score
Exploits: 0

Veracode
added 2025/12/24 10:11 a.m., 3 views

Cross-Site Scripting (XSS)

ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing features, which allows an attacker with back-office editor or administrator privilege...

5.5 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 7:18 p.m., 2 views

Malicious code in buta-fadsg-vfsfgun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b3919c8e29ba9bf882553d2e0cb7269f827308da1ac250be1ace3123576a8ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

OSV
added 2025/11/11 4:25 a.m., 2 views

MAL-2025-87048 Malicious code in joko-gaplek75-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 897f5a51defdf744199cabc567e55917e31653e92d867f822c3a0665e69611e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSV
added 2025/11/11 4:25 a.m., 1 views

MAL-2025-84643 Malicious code in dian-sate70-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0a91903928f46456e389578b0c21b16257878a493578e36e4fafb601e8c2e57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 4:25 a.m., 2 views

Malicious code in putri-oblok13-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff9bd7cd7b72922d2490a4fb6027282e52076325bbde485bb67eeececd4a0502 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

OSV
added 2025/11/11 4:25 a.m., 2 views

MAL-2025-89737 Malicious code in putri-oncom20-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2492eeb168d915836c877df8eee5fe714ef452e3c02e3e00a0e769ef0fec331 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 12:41 a.m., 3 views

Malicious code in soft-jade-takin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d760d82d6cf5c00e004c217760aac7e00abd68e29199fff3fc9712d4724483 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

OSV
added 2025/10/17 5:59 p.m., 1 views

GHSA-2MX6-FQ24-G2MH ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal

Impact: This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...

4.8 CVSS, 6.4 AI score
Exploits: 0, References: 3

Snyk
added 2025/10/17 5:59 p.m., 0 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the back office interface. An attacker can execute arbitrary scripts by injecting malicious content into image asset names, content language names, or future publishing fields. This may result in persistent...

8.3 CVSS, 5.5 AI score
Exploits: 0, References: 2

Github Security Blog
added 2025/10/17 5:59 p.m., 4 views

ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal

Impact: This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...

6.4 AI score
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2025/10/17 5:58 p.m., 2 views

ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal

Impact: This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...

6.4 AI score
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/10/17 5:58 p.m., 1 views

GHSA-99C7-C3MW-MXHV ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal

Impact: This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...

4.8 CVSS, 6.4 AI score
Exploits: 0, References: 3