8 matches found
EUVD-2026-41057
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract...
Malicious Package
Overview: iron-media-query is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1310 Malicious code in iron-media-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548ed1fd1be98d1ed340a991d8db46117cdd8cdd2a43f625408015ed6714d778 The package iron-media-query was found to contain malicious code. Source: ghsa-malware 159ebd19facb8454d0a41a0815dc3f3c0516dfc4f7a7ac22c5ea3f106fd008...
Malicious code in iron-media-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548ed1fd1be98d1ed340a991d8db46117cdd8cdd2a43f625408015ed6714d778 The package iron-media-query was found to contain malicious code. Source: ghsa-malware 159ebd19facb8454d0a41a0815dc3f3c0516dfc4f7a7ac22c5ea3f106fd008...
Malicious code in media-query-list-parser (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9705 Malicious code in media-query-list-parser (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2309 Malicious code in epic-lit-media-query (npm)
--- -= Per source details. Do not edit below this line.=-...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description: The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. A stored XSS vulnerability occurs when you add a media query at "Settings" = "Thumbnails" = "Video Thumbnails" in the pimcore service. Proof of Concept txt XSS POC...