12 matches found
CVE-2022-37679
Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...
EUVD-2019-0586
Malware in sbrugna...
EUVD-2022-40293
Malicious code in bioql PyPI...
CVE-2022-37679
Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...
CVE-2022-37679
Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...
Cross-site scripting
Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...
CVE-2022-37679
Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...
CVE-2022-37679
CVE-2022-37679 affects Miniblog.Core v1.0 in the /blog/edit Excerpt field, enabling cross-site scripting via a crafted payload. The root cause is an XSS vulnerability in the Excerpt input; the impact per the entry is execution of arbitrary script/HTML in the client. The CVSS v3.1 base score is 4.8 (Medium) with n...
GHSA-958R-G534-CCMR MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...
MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...
CVE-2019-9845
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...
CVE-2019-9845
The CVE-2019-9845 entry affects Madskristensen Miniblog.Core up to 2019-01-16. The underlying issue is in SaveFilesToDisk (Controllers/BlogController.cs): it writes a decoded base64 string to a file without validating the target file extension, enabling a remote attacker to execute arbitrary ASPX...