4 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the url field in Slate link or image nodes during rich-text rendering and parsing. An attacker can execute arbitrary JavaScript in the context of the user's browser by crafting content with malicious URL...
Improper File Handling
zx is vulnerable to Improper File Handling. The vulnerability is due to a logic error in the linkNodeModules and cleanup routines when using the --prefer-local option, which allows unintended deletion of an external /nodemodules directory outside the current working directory...
Use of Incorrectly-Resolved Name or Reference
Overview zx is an A tool for writing better scripts Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the linkNodeModules function. An attacker can cause deletion of arbitrary directories by supplying a crafted path to the --prefer-local...
Malicious code in trezor-link-node-hid (npm)
The package trezor-link-node-hid was found to contain malicious code...