EUVD-2007-1762

Malware in sbrugna...

EUVD-2007-1867

Malware in sbrugna...

mephisto-shows.com Cross Site Scripting vulnerability OBB-2877948

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Malicious Package

Overview mephisto-worker-experience is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

Malicious code in mephisto-worker-experience (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d7f1afc283ce715a697df2f30f12afa2c169ba32d82ca01e3d08bc4995ed8e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4557 Malicious code in mephisto-worker-experience (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d7f1afc283ce715a697df2f30f12afa2c169ba32d82ca01e3d08bc4995ed8e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mephisto-task-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eeb820de958446255bfd0e51fd1b7f9301ed6fdfb324b2e7d5513181960c4b02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4556 Malicious code in mephisto-task-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eeb820de958446255bfd0e51fd1b7f9301ed6fdfb324b2e7d5513181960c4b02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in parlai-mephisto-task-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09495931dcfc8a6bb66d0754c6551c12e6cbae08ea207828dcd98127c20c2360 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5214 Malicious code in parlai-mephisto-task-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09495931dcfc8a6bb66d0754c6551c12e6cbae08ea207828dcd98127c20c2360 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Mephisto Blog 0.7.3 Search Function Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23141/info Mephisto Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

CVE-2007-1873

Cross-site scripting XSS vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script...

Cross site scripting

Cross-site scripting XSS vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script...

CVE-2007-1873

Cross-site scripting XSS vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script...

CVE-2007-1873

Mephisto 0.7.3 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary script or HTML via the q parameter in the search script. The impact is described as actionable by injecting code, with no vendor fix available according to the security adviso...

Cross site scripting in mephisto 0.7.3

Cross site scripting in mephisto 0.7.3 security advisory References: http://www.mephistoblog.com https://vulners.com/cve/CVE-2007-1873 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can be used to steal sessio...

CVE-2007-1873.txt

Cross site scripting in mephisto 0.7.3 security advisory References: http://www.mephistoblog.com http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1873 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can b...

Cross site scripting

Cross-site scripting XSS vulnerability in app/helpers/applicationhelper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment...

CVE-2007-1768

Cross-site scripting XSS vulnerability in app/helpers/applicationhelper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment...

CVE-2007-1768

CVE-2007-1768 affects Mephisto 0.7.3 and Mephisto Edge 20070325. Vulnerable component: app/helpers/application_helper.rb . Issue: Cross-site scripting (XSS) via the author name field in a comment, enabling remote injection of arbitrary web script/HTML. Exploitation details are not provided in the...