5 matches found
Arbitrary Code Execution (ACE)
angular-expressions is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to ability to escape the sandbox through a malicious expression, allowing an attacker to execute arbitrary code on the system...
Remote code execution
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...
Cross-Site Scripting (XSS)
vega is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via a malicious Vega expression...
CVE-2017-15313
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...
CVE-2017-15313
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...