17 matches found
Malicious code in @0xlr/prisma-client-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b993c29d90c2ecfffaa9ed55b99c38e5351052e619b79ad2a385d6c72376f0f4 On npm install, postinstall.js enumerates all of process.env, collects hostname, username, homedir, cwd, argv, platform/arch/release, memory and CPU...
Malicious code in react-json-chalk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...
MAL-2026-4792 Malicious code in react-json-chalk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...
MAL-2026-4415 Malicious code in @onerjs/smart-filters-blocks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e772d7a844409df378591a5a587c7cc8045e0ec0e8cb493912f0da8fa594c169 This package is published as @onerjs/smart-filters-blocks but its README, repository URL git+https://github.com/BabylonJS/Babylon.js.git, description...
CVE-2021-28114
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...
EUVD-2021-1491
Malware in sbrugna...
Cross Site Scripting
rails-html-sanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of namespaced elements in math or svg contexts due to a lack of checks for namespace-specific tags, which can lead to namespace confusion andallows attackers to exploit this by injecting...
New Timing Attack Against NPM Registry API Could Expose Private Packages
A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped privat...
GHSA-RR6V-H7M8-WC9F Cross-site Scripting in Froala WYSIWYG Editor
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...
Cross-site Scripting in Froala WYSIWYG Editor
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...
CVE-2021-28114
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...
CVE-2021-28114
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...
Type confusion
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...
CVE-2021-28114
CVE-2021-28114 affects Froala WYSIWYG Editor 3.2.6-1 with an XSS flaw caused by a namespace confusion during parsing. Red Hat, CNVD, OSV, and others report the issue and, in CNVD, an attacker could obtain an administrator cookie. The initial entry provides the vulnerability description and CVSS m...
CVE-2021-28114
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...
PT-2021-17750 · Froala · Froala Wysiwyg Editor
Name of the Vulnerable Software and Affected Versions: Froala WYSIWYG Editor version 3.2.6-1 Description: The issue is related to a namespace confusion during parsing, which leads to a cross-site scripting XSS problem. Recommendations: For Froala WYSIWYG Editor version 3.2.6-1, update to a versio...
Internet Explorer 8 CSS Parser Exploit
Exploit for windows platform in category remote exploits ====================================== Internet Explorer 8 CSS Parser Exploit ====================================== !/usr/bin/env ruby Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ Author: Nephi Johnson...