5 matches found
MAL-2025-25725 Malicious code in lyst-product-card-generator (npm)
The package lyst-product-card-generator was found to contain malicious code...
Malicious code in lyst-product-card-generator (npm)
The package lyst-product-card-generator was found to contain malicious code...
Lyst: DOM XSS on http://talks.lystit.com
Description DOM XSS can be achieved via a postMessage due to an insecure postMessage handler being registered. POC 1. Visit https://gamer7112.com/lyst1.html 2. Click the link 3. View alert Vulnerable Code Located at http://talks.lystit.com/data-saloon-presentation/plugin/notes/notes.html javascri...
Lyst: Bypassing one-time checkout router page (revealing payment information)
Description: When a user submits for a checkout, the checkout router page /checkout-router/ID/ is accessible only once, which can be bypassed by crafting the checkout ID in the cookie basketkey sent to the page /new/checkout/order/. Combined with a brute-force attack, if the ID is valid a resul...
Lyst: Site configured improperly at subdomain of lyst.co.uk
Steps to reproduce the issue: Go to "https://w.lyst.co.uk/". It will give you the message: "The owner of w.lyst.co.uk has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website." Image: F163225 An attacker will send this link to user...