7863 matches found
CVE-2015-1370
Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link...
Cross site scripting
Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link...
SQL injection
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter...
CVE-2015-1369
Summary: CVE-2015-1369 is a SQL injection in Sequelize for Node.js, affecting versions up to and including 2.0.0-rc7 where user input placed in the order parameter can lead to arbitrary SQL execution. The issue is caused by unsafe handling of the order input, enabling attackers to influence queri...
CVE-2015-1370
CVE-2015-1370 affects the marked library (versions 0.3.2 and earlier) used with Node.js. The root cause is an incomplete blacklist that allows cross-site scripting via a vbscript tag in a link, enabling remote XSS. Public references (GHSA, OSV, NVD, CNVD) corroborate the issue and advise upgradin...
CVE-2015-1369
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter...
CVE-2015-1164
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI...
Open redirect
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI...
CVE-2015-1164
CVE-2015-1164 describes an open redirect in the Node.js module serve-static. Versions prior to 1.7.2 (and 1.6.x before 1.6.5) are affected when mounted at the root, enabling attackers to redirect victims to arbitrary sites by using a // in the PATH_INFO (e.g., //google.com/…). The issue can faci...
Browserify Node.js Remote Code Execution (CVE-2014-7192)
A remote code execution vulnerability was discovered in Browserify Node.js. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...
Node.js 'serve-static' module open redirection vulnerability
Node.js is a platform built on the Chrome JavaScript runtime for building fast, easily extensible web applications. An open redirect vulnerability exists in the Node.js 'serve-static' module, which can be exploited by an attacker to redirect users to a potentially malicious website, which could...
CVE-2014-7193
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web si...
Design/Logic Flaw
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web si...