88 matches found
CVE-2024-9283
CVE-2024-9283 affects RelaxedJS ReLaXed up to 0.2.2, with a vulnerability in the Pug to PDF Converter component that enables cross-site scripting. The issue is local in nature; exploitation requires local access, and the exploit has been disclosed publicly and may be used. Several connected sourc...
PT-2024-39541 · Unknown · Relaxedjs Relaxed
Name of the Vulnerable Software and Affected Versions: RelaxedJS ReLaXed versions up to 0.2.2 Description: A problematic issue has been found in the Pug to PDF Converter component, which can lead to cross-site scripting. The manipulation requires a local approach to execute an attack. The issue h...
ReLaXed 跨站脚本漏洞
ReLaXed is a ReLaXed open source application. PDF documents can be created interactively using HTML. A cross-site scripting vulnerability exists in ReLaXed 0.2.2 and earlier versions, which stems from an unknown feature of the component Pug to PDF Converter that causes cross-site scripting...
The vulnerability of the `compileClient`, `compileFileClient`, and `compileClientWithDependenciesTracked` templates for generating Pug markup (formerly Jade) allows attackers to execute arbitrary code.
The vulnerability of the compileClient, compileFileClient, and compileClientWithDependenciesTracked functions of the Pug template for generating HTML markup formerly Jade is related to improper code generation control. Exploiting this vulnerability could allow a remote attacker to execute arbitra...
Code Injection
pug is vulnerable to Code execution. The vulnerability is due to the lack of proper input validation for the name option in the compileClient, compileFileClient, or compileClientWithDependenciesTracked functions, which allows attackers to execute arbitrary JavaScript code in the context of the...
Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
GHSA-3965-HPX2-Q597 Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
CVE-2024-36361
CVE-2024-36361 affects the Pug library up to version 3.0.2 . It allows JavaScript code execution when an application passes untrusted input to the name option of the functions that compile templates to JavaScript (compileClient, compileFileClient, compileClientWithDependenciesTracked). The descri...
CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
Tmont Pug 安全漏洞
Tmont Pug is a Tmont open source application. It provides a way to optimize html. A security vulnerability exists in Tmont Pug 3.0.2 and prior versions that stems from the presence of untrusted input that allows execution of arbitrary JavaScript code...
WordPress Social Pug Plugin < 1.33.1 is vulnerable to Sensitive Data Exposure
Software Social Pug Type Plugin Vulnerable versions 1.33.1 Fixed in 1.33.1 OWASP Top 10 A5: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1526 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ac219e9d734d Credits Krzysztof Zając CERT PL Required...
WordPress Social Pug Plugin <= 1.33.1 is vulnerable to PHP Object Injection
Software Social Pug Type Plugin Vulnerable versions = 1.33.1 Fixed in 1.33.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2501 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 888eaee51d8b Credits Webbernaut Required privilege Contributo...
Security Bulletin: A security vulnerability in Node.js pug/pug-code-gen module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js pug/pug-code-gen module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2021-21353 DESCRIPTION: Node.js pug and pug-code-gen could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation...
CVE-2021-21353
A vulnerability was found in pug where a malicious user with access to the pretty option of the pug template compiler could achieve remote code execution on the backend through a user provided object...
Malicious Package
Overview pug-web-readiness is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious code in pug-web-readiness (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5a3a74c1c2aacf398fdb05e794db90e5375cf11705fc9cb04b5aa8c2944e403 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5517 Malicious code in pug-web-readiness (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5a3a74c1c2aacf398fdb05e794db90e5375cf11705fc9cb04b5aa8c2944e403 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the VisitMixin and visitMixinBlock functions in the HTML Pug preprocessor allows a hacker to execute arbitrary code.
The vulnerability of the VisitMixin and visitMixinBlock functions in the HTML Pug preprocessor is related to deficiencies in the process of eliminating special elements from the output data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...