44 matches found
EUVD-2014-1222
Malware in sbrugna...
EUVD-2022-6742
Malicious code in bioql PyPI...
EUVD-2022-6658
Malicious code in bioql PyPI...
CVE-2025-8535
CVE-2025-8535 affects cronoh NanoVault up to 1.2.1. The vulnerability resides in the executeJavaScript function of /main.js within the xrb URL Handler component and enables cross-site scripting. Attack vector is network-based and remote; exploitation has been disclosed. Products: cronoh NanoVault...
CVE-2022-37260
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37264
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...
CVE-2024-34698
FreeScout versions prior to 1.8.139 are affected by a Prototype Pollution flaw in the getQueryParam function in /public/js/main.js. The function recursively merges user-controllable properties, enabling an attacker to inject a __proto__ key and nested properties, which pollute the target object’s pro...
CVE-2023-48529 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Prototype Pollution
convict is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the set function in main.js and modify attributes such as __proto__, constructor, and other prototype base objects...
CVE-2014-125050
A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch ...
Sql injection
A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch ...
CVE-2014-125050 ScottTZhang voter-js main.js sql injection
A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch ...
CVE-2014-125050
CVE-2014-125050 affects the voter-js project, with the vulnerability residing in an unknown functionality of main.js that enables SQL injection. Public documents confirm the issue is critical and tied to voter-js; a patch is identified by the commit hash 6317c67a56061aeeaeed3cf9ec665fd9983d8044, ...
PT-2023-10120 · Voter-Js · Voter-Js
Name of the Vulnerable Software and Affected Versions: voter-js (affected versions not specified). Description: A critical issue was found in the voter-js software, affecting some unknown functionality of the file main.js. This issue leads to sql injection. Recommendations: To fix this issue, it is...
Regular Expression Denial Of Service (ReDoS)
steal is vulnerable to prototype pollution. The vulnerability is possible because of the use of insecure regular expression for input in main.js, causing an application crash...
Prototype Pollution
steal is vulnerable to prototype pollution. A remote attacker is able to pollute objects by passing a maliciously crafted payload through optionName variable in the getScriptOptions function in main.js...
Regular Expression Denial Of Service (ReDoS)
steal is vulnerable to regular expression denial of service (ReDoS) attacks. A remote attacker is able to cause a system hang via supplying a maliciously crafted input through source or sourceWithComments variables in main.js...
GHSA-8F8G-9J73-7P82 steal vulnerable to Prototype Pollution via optionName variable
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...