4 matches found
CVE-2026-40090 Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the package creation and search processes. An attacker can execute arbitrary scripts in the browsers of other users by injecting crafted HTML or JavaScript into the Name or Description fields, which are later...
PT-2019-18679 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through 0.9.8.763 Description: The issue concerns a Stored/Persistent XSS vulnerability. It affects the add package module, specifically the Package Name field. This allows for potential exploitation via the module...
Biscom Secure File Transfer Cross-Site Scripting Vulnerability
Biscom Secure File Transfer SFT is a Web-based file transfer solution from Biscom USA. The solution has features such as file sharing, workspace creation and automatic file cleanup. A cross-site scripting vulnerability exists in the Package Name field in Biscom SFT. A remote attacker could exploi...