16 matches found
Resource Injection
Overview: NuGet.Packaging is NuGet's implementation for reading nupkg package and nuspec package specification files. Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass...
EUVD-2020-12217
Malware in sbrugna...
CVE-2020-1340
A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'...
CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
Cross-site Scripting (XSS)
Overview: NuGetGallery is a Core support library for NuGet Gallery Frontend and Backend. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the handling of HTML element attributes. Details: Cross-site scripting, or XSS, is a code vulnerability that occurs when an...
CVE-2024-47604 XSS vulnerability in NuGetGallery HTML attributes handling
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or JavaScript code in a victim's browser...
CVE-2024-47604 XSS vulnerability in NuGetGallery HTML attributes handling
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or JavaScript code in a victim's browser...
CVE-2024-37304 NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
The vulnerability in NuGetGallery, the package manager for the .NET platform, arises from the lack of protective measures for the website structure. This allows attackers to execute cross-site scripting attacks.
The vulnerability in NuGetGallery, the package manager for the .NET platform, relates to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
CVE-2020-1340
A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'...
CVE-2020-1340
A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'...
Spoofing
A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'...
CVE-2020-1340
A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'...
CVE-2020-1340
NuGetGallery Spoofing Vulnerability (CVE-2020-1340) affects NuGetGallery. Root cause: improper sanitization of package metadata input, enabling spoofing of the UI. Exploitation could allow cross-site scripting by publishing crafted content via a gallery page (attack requires upload permissions). ...
NuGetGallery Spoofing Vulnerability
A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values. An attacker who successfully exploited the vulnerability could perform cross-site scripting attacks and run scripts in the security context of the user viewing the malicious content...
KLA11812 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, spoof the user interface, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Diagnostic Hub...