38 matches found
CVE-2026-47099
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
CVE-2026-47099
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
EUVD-2026-30556
Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...
Cockpit CMS 跨站脚本漏洞
Cockpit CMS is an open-source headless content management system developed by Cockpit. Versions of Cockpit CMS 2.14.0 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the use of the $interpolate function in template strings within the Display template options,...
Cross-site Scripting (XSS)
Overview telejson is an A library for teleporting rich data to another place. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the parse function. An attacker can execute arbitrary JavaScript code in the new Function context by supplying a crafted JSON payload...
TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`
Summary telejson versions prior to 6.0.0 released 2022 are vulnerable to DOM-based Cross-Site Scripting XSS through unsafe deserialisation. Attacker-controlled input from the constructor-name property in parsed JSON is passed directly to new Function without sanitisation, allowing arbitrary...
GHSA-CCGF-5RWJ-J3HV TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`
Summary telejson versions prior to 6.0.0 released 2022 are vulnerable to DOM-based Cross-Site Scripting XSS through unsafe deserialisation. Attacker-controlled input from the constructor-name property in parsed JSON is passed directly to new Function without sanitisation, allowing arbitrary...
GHSA-VH9H-29PQ-R5M8 Locutus vulnerable to RCE via unsanitized input in create_function()
Summary The createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from CVE-2026-29091 GHSA-fp25-p6mj-qqg6 which was calluserfuncarray using eval in v2.x. This finding affects...
EUVD-2026-11718
Locutus vulnerable to RCE via unsanitized input in createfunction...
Locutus vulnerable to RCE via unsanitized input in create_function()
Summary The createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from CVE-2026-29091 GHSA-fp25-p6mj-qqg6 which was calluserfuncarray using eval in v2.x. This finding affects...
CVE-2026-32304 Locutus: RCE via unsanitized input in create_function()
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
CVE-2026-32304 Locutus: RCE via unsanitized input in create_function()
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
CVE-2026-32304
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
PT-2026-25084
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create functionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule
Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...
CVE-2025-67750
Lightning Flow Scanner is affected through versions 6.10.5 and earlier, where the APIVersion rule uses unsafe evaluation with new Function() to process expression strings. A maliciously crafted flow metadata file or rule configuration can cause arbitrary JavaScript execution during scanning, pote...
CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule
Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...
CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule
Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...
CVE-2020-36432
An issue was discovered in the algds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new...