SUSE-SU-2020:0247-1 Security update for nodejs6

This update for nodejs6 to version 6.17.1 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352...

OPENSUSE-SU-2020:0059-1 Security update for nodejs8

This update for nodejs8 to version 8.17.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. This update was imported from the SUSE:SLE-15:Update upda...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0043-1)

This update for nodejs8 to version 8.17.0 fixes the following issues : Security issues fixed : CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. Note that Tenable Network Security has extracted the...

SUSE-SU-2020:0043-1 Security update for nodejs8

This update for nodejs8 to version 8.17.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352...

Debian: Security Advisory (DSA-4581-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cross-site scripting in Swagger-UI

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

CSS Injection

swagger-ui is vulnerable to CSS injection. The ?url= parameter allows an attacker to override a hard-coded schema file, which would enable for the Relative Path Overwrite RPO exploit technique, allowing exfiltration of confidential information from a victim's browser such as the CSRF token value...

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

Cross-Site Scripting (XSS)

Phpbb is vulnerable to cross-site scripting XSS attacks. The attacks are possible because includes/startup.php does not sanitize the user-supplied input which allows trailing paths to be injected through "Relative Path Overwrite."...

MyLittleForum 2.3.6.1 XSS / Path Overwrite Vulnerability

MyLittleForum version 2.3.6.1 suffers from path overwrite and cross site scripting vulnerabilities. 1. Introduction Affected Product: MyLittleForum 2.3.6.1 Fixed in: 2.3.7beta Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/ v2.3.7beta Vendor Website:...

MyLittleForum 2.3.6.1 XSS / Path Overwrite

Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyLittleForum 2.3.6.1 Fixed in: 2.3.7beta Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/ v2.3.7beta Vendor Website: http://mylittleforum.net/ Vulnerability Type: XSS & RPO Remote Exploitable: Y...

Cross site scripting

Cross-site scripting XSS vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...

UBUNTU-CVE-2015-1431

Cross-site scripting XSS vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...