Lucene search

10 matches found

Veracode
added 2024/08/16 10:25 a.m., 11 views

Cross-Site Scripting

gettext.js is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input sanitization in the parsing of .po dictionary definition files, allowing malicious code injection. Attackers can craft malicious .po files containing JavaScript code, which, when loaded and processed by...

7.2 CVSS | 7.5 AI score | 0.0038 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/08/16 2:15 a.m., 2 views

DEBIAN-CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

7.2 CVSS | 4.9 AI score | 0.0038 EPSS
Exploits 0 | References 1
OSV
added 2024/08/16 2:15 a.m., 1 views

UBUNTU-CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

7.2 CVSS | 5.7 AI score | 0.0038 EPSS
Exploits 0 | References 3
CVE
added 2024/08/15 11:44 p.m., 62 views

CVE-2024-43370

gettext.js is a GNU gettext port for Node and browsers. The CVE-2024-43370 vulnerability is a cross-site scripting (XSS) vulnerability triggered when .po dictionary files are corrupted. The issue has been fixed in version 2.0.3. A workaround is to control the origin of the dictionary catalog to p...

7.2 CVSS | 6.8 AI score | 0.0038 EPSS
Exploits 0 | References 2
OSV
added 2024/08/15 6:6 p.m., 10 views

GHSA-VWHG-JWR4-VXGG gettext.js has a Cross-site Scripting injection

Impact: Possible vulnerability to XSS injection if .po dictionary definition files are corrupted. Patches: Update gettext.js to 2.0.3. Workarounds: Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms...

7.2 CVSS | 6.7 AI score | 0.0038 EPSS
Exploits 0 | References 4
seebug.org
added 2014/07/01 12:0 a.m., 32 views

Entrans SQL Injection Vulnerablility

No description provided by source. Exploit Title: Entrans SQLi vulnerablility Date: 2010/9/27 Author: keracker Software Link: http://sourceforge.net/projects/entrans/ Software Description: Entrans is an online collaborative translation tool used for editing and translation of PO files. It provide...

7.1 AI score
Exploits 0
Packet Storm
added 2010/09/28 12:0 a.m., 27 views

Entrans SQL Injection

Exploit Title: Entrans SQLi vulnerablility Date: 2010/9/27 Author: keracker Software Link: http://sourceforge.net/projects/entrans/ Software Description: Entrans is an online collaborative translation tool used for editing and translation of PO files. It provides features such as dynamic'' keyboa...

Exploits 0
exploitpack
added 2010/09/27 12:0 a.m., 24 views

Entrans - SQL Injection

Entrans - SQL Injection Exploit Title: Entrans SQLi vulnerablility Date: 2010/9/27 Author: keracker Software Link: http://sourceforge.net/projects/entrans/ Software Description: Entrans is an online collaborative translation tool used for editing and translation of PO files. It provides features...

Exploits 0
Exploit DB
added 2010/09/27 12:0 a.m., 34 views

Entrans - SQL Injection

Exploit Title: Entrans SQLi vulnerablility Date: 2010/9/27 Author: keracker Software Link: http://sourceforge.net/projects/entrans/ Software Description: Entrans is an online collaborative translation tool used for editing and translation of PO files. It provides features such as dynamic'' keyboa...

7.4 AI score
Exploits 0
Prion
added 2007/01/23 12:28 a.m., 10 views

Design/Logic Flaw

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file...

7.5 CVSS | 7.7 AI score | 0.0156 EPSS
Exploits 0 | References 4 | Affected Software 1