7660 matches found
Malicious code in icon-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d88cf998d4140ce1ace5f472b26111b02c4363162678fe2e97c4e4e88008244 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 36 Update: golang-github-cpu-goacmedns-0.1.1-5.fc36
A Go library to handle acme-dns client communication and persistent account storage...
Multiple Stored XSS
✍️ Description The persistent or stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw, it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular...
Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update
The Migration Toolkit for Containers MTC 1.7.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Malicious code in personal-colors-kash (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 314d8e8e81281e1eb99614b0ba515986bf54f7afaccd18e2dcb8f641ae43b232 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Plugin NewStatPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Plugin NewStatPress version 1.2.4 contains a cross-site scripting vulnerability that can be...
Stored Cross-Site Scripting (XSS)
Client-side scripts are used extensively by modern web applications. They perform from simple functions such as the formatting of text up to full manipulation of client-side data and Operating System interaction. Cross Site Scripting XSS allows clients to inject scripts into a request and have th...
CVE-2017-20098
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...
CVE-2017-20098 Admin Custom Login Plugin Persistent cross site scripting
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...
CVE-2017-20098 Admin Custom Login Plugin Persistent cross site scripting
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Persistent. It is possible to launch the attack remotely...
Cross site scripting
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs...
CVE-2017-20094 NewStatPress Plugin Persistent cross site scriting
A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting Persistent. The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this...
CVE-2017-20094 NewStatPress Plugin Persistent cross site scriting
A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting Persistent. The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this...
GHSA-7F7G-8Q3X-JPX9 Cross site scripting in Elefant CMS
A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input leads to basic cross site scripting Persistent. The attack may be launched remotely...
Cross site scripting in Elefant CMS
A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input leads to basic cross site scripting Persistent. The attack may be launched remotely...
Cross site scripting in Elefant CMS
A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting Persistent. The attack can be launched remotely. Upgrading to version...
Cross site scripting in Elefant CMS
A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting Persistent. It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...
GHSA-4453-G295-24MH Cross site scripting in Elefant CMS
A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting Persistent. It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...
Malicious code in k-paste (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a6b12ef2387a7c507563af7c5478f0d551db852a6ecca091066addfac40414d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dinesh-dev-nagajikkktest11223qa (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 264ebd2de392e7bd4b34274a1240574d0e278d607f37c1b9a0d1bc6baf9456df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...