2 matches found
SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
Summary SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HTML escaping. The kernel-side helper sanitizePackageDisplayStrings in...
Aimeos Security Breach
Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. A security vulnerability exists in Aimeos versions prior to 2022.10.17, 2023.10.17, and 2024.04, which stems from SaaS , marketplace settings are potentially vulnerable to denial of service attacks...