4 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the uxicon function when unsanitized SVG content is inlined from local files or remote Iconify responses. An attacker can execute arbitrary JavaScript in the context of the application by supplying a malicio...
EUVD-2020-30209
Malware in sbrugna...
CVE-2020-9388
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard...
CVE-2020-9388
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard...