5 matches found
EUVD-2025-205789
Malicious code in rt-text-media-collection npm...
MAL-2025-192975 Malicious code in rt-text-media-collection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 761afaf4df6aa1b7badedc5757ada134cb041af11dad1257171abae2be3a4589 The package rt-text-media-collection was found to contain malicious code. Source: ghsa-malware...
U.S. Dept Of Defense: CSRF Attack leads to delete album at ████████
The report describes a CSRF vulnerability in the DoD asset ███████, specifically in the feature to create albums for a media collection. The vulnerability allows an attacker to delete a victim's album without the victim's consent, as the delete request is based on GET and lacks CSRF verification...
XSS Injection in Media Collection Title was possible
Impact A logged in admin user was possible to add a script injection XSS in the collection title which was executed. Workarounds Manual patching the js files. For more information If you have any questions or comments about this advisory:' - Email us at [email protected]...
Department of Homeland Security to Collect Social Media of Immigrants and Citizens
New rules give the DHS permission to collect "social media handles, aliases, associated identifiable information, and search results" as part of people's immigration file. The Federal Register has the details, which seems to also include US citizens that communicate with immigrants. This is part ...