11 matches found
NPR Visuals Team Pym.js Cross-Site Request Forgery Vulnerability
NPR Visuals Team Pym.js is a tool for embedding code in containers. A cross-site request forgery vulnerability exists in the 'Pym.js onNavigateToMessage' function in NPR Visuals Team Pym.js versions 0.4.2 through 1.3.1 (https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573). A remote attack...
GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability
NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js onNavigateToMessage function (https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573) that can result in arbitrary JavaScript code execution. This attack appears to be...
pym.js CSRF Vulnerability
NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js onNavigateToMessage function (https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573) that can result in arbitrary JavaScript code execution. This attack appears to be...
CVE-2018-1000086
NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js onNavigateToMessage function (https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573) that can result in arbitrary JavaScript code execution. This attack appears to be...
CVE-2018-1000086
NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js onNavigateToMessage function (https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573) that can result in arbitrary JavaScript code execution. This attack appears to be...
CVE-2018-1000086
NPR Visuals Team Pym.js versions 0.4.2 through 1.3.1 expose a CSRF vulnerability in the _onNavigateToMessage function that can result in arbitrary JavaScript execution. An attacker could leverage this to gain full JavaScript access on pages embedding Pym.js when a user visits a crafted page. The ...
NPR One - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
The HackApp vulnerability scanner discovered that the application NPR One, published on the 'play' market, has multiple vulnerabilities...
npr.org XSS vulnerability
Vulnerable URL: http://www.npr.org/account/logout?returnUrl=javascript:alert%28/XSSPOSED/%29 Details: Description| Value ---|--- Patched:| Yes, at 12.09.2017 Latest check for patch:| 12.09.2017 10:55 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 558 Google...
npr.org XSS vulnerability
Vulnerable URL: http://www.npr.org/templates/search/index.php?searchinput=123=all=%27%22%3E%3Csvg/onload%3dalert%28/xssposed/%29%3E=date Details: Description| Value ---|--- Patched:| Yes, at 18.07.2017 Latest check for patch:| 18.07.2017 14:44 GMT Vulnerability type:| XSS Vulnerability status:|...
npr.org XSS vulnerability
Vulnerable URL: http://www.npr.org/templates/search/index.php?searchinput=PsychoMantis=0=1"--...
Business Identity Theft: Increasingly Commonplace Yet Incredibly Obscure
You wouldn’t know it from reading the news, but business identity theft is becoming an increasingly large concern for small business owners, according to a report filed by NPR’s Yuki Noguchi today on Morning Edition. Noguchi tells the story of Scott Burnett and the Memphis-based company he and hi...