13 matches found
EUVD-2019-5861
Malware in sbrugna...
CVE-2019-14712
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
gettext.js has a Cross-site Scripting injection
Impact Possible vulnerability to XSS injection if .po dictionary definition files is corrupted Patches Update gettext.js to 2.0.3 Workarounds Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms...
CSRF bypass
Description URL parsing with Qwik uses the new URLa, b constructor. A little-known fact about this constructor is that if an attacker controls a they have complete control of the finally resolved URL. For example: const url = new URLattackervalue, "http://localhost" By entering //test.com, we can...
Spoofing Attack
firefox is vulnerable to spoofing attack. When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attac...
Design/Logic Flaw
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation...
CVE-2019-14712
The CVE-2019-14712 entry concerns Verifone VerixV Pinpad Terminals (QT000530). Affected component/function: S1G file generation with bypass of integrity and origin control. Root cause details are not explicitly described beyond the bypass. Documents indicate an impact across confidentiality, inte...
CVE-2020-15682
When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external...