Lucene search
+L

88 matches found

CVE
CVE
added 2024/09/27 2:0 p.m.47 views

CVE-2024-9283

CVE-2024-9283 affects RelaxedJS ReLaXed up to 0.2.2, with a vulnerability in the Pug to PDF Converter component that enables cross-site scripting. The issue is local in nature; exploitation requires local access, and the exploit has been disclosed publicly and may be used. Several connected sourc...

4.8CVSS3.6AI score0.00269EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.14 views

PT-2024-39541 · Unknown · Relaxedjs Relaxed

Name of the Vulnerable Software and Affected Versions: RelaxedJS ReLaXed versions up to 0.2.2 Description: A problematic issue has been found in the Pug to PDF Converter component, which can lead to cross-site scripting. The manipulation requires a local approach to execute an attack. The issue h...

4.8CVSS6.2AI score0.00269EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/09/27 12:0 a.m.5 views

ReLaXed 跨站脚本漏洞

ReLaXed is a ReLaXed open source application. PDF documents can be created interactively using HTML. A cross-site scripting vulnerability exists in ReLaXed 0.2.2 and earlier versions, which stems from an unknown feature of the component Pug to PDF Converter that causes cross-site scripting...

4.8CVSS3.8AI score0.00269EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/06/07 12:0 a.m.9 views

The vulnerability of the `compileClient`, `compileFileClient`, and `compileClientWithDependenciesTracked` templates for generating Pug markup (formerly Jade) allows attackers to execute arbitrary code.

The vulnerability of the compileClient, compileFileClient, and compileClientWithDependenciesTracked functions of the Pug template for generating HTML markup formerly Jade is related to improper code generation control. Exploiting this vulnerability could allow a remote attacker to execute arbitra...

8.1CVSS7.2AI score0.00491EPSS
Exploits0References10Affected Software2
Veracode
Veracode
added 2024/05/28 4:57 a.m.23 views

Code Injection

pug is vulnerable to Code execution. The vulnerability is due to the lack of proper input validation for the name option in the compileClient, compileFileClient, or compileClientWithDependenciesTracked functions, which allows attackers to execute arbitrary JavaScript code in the context of the...

6.8CVSS7.6AI score0.00491EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2024/05/24 2:45 p.m.36 views

Pug allows JavaScript code execution if an application accepts untrusted input

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

6.8CVSS7.6AI score0.00491EPSS
Exploits0References10Affected Software2
OSV
OSV
added 2024/05/24 2:45 p.m.11 views

GHSA-3965-HPX2-Q597 Pug allows JavaScript code execution if an application accepts untrusted input

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

6.8CVSS7.1AI score0.00491EPSS
Exploits0References10
NVD
NVD
added 2024/05/24 6:15 a.m.38 views

CVE-2024-36361

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

6.8CVSS7AI score0.00491EPSS
Exploits0References2
CVE
CVE
added 2024/05/24 6:4 a.m.131 views

CVE-2024-36361

CVE-2024-36361 affects the Pug library up to version 3.0.2 . It allows JavaScript code execution when an application passes untrusted input to the name option of the functions that compile templates to JavaScript (compileClient, compileFileClient, compileClientWithDependenciesTracked). The descri...

6.8CVSS7.2AI score0.00491EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/24 6:4 a.m.39 views

CVE-2024-36361

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

7AI score0.00491EPSS
Exploits0References2
OSV
OSV
added 2024/05/24 6:4 a.m.3 views

CVE-2024-36361

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

6.8CVSS6.8AI score0.00491EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/24 12:0 a.m.8 views

Tmont Pug 安全漏洞

Tmont Pug is a Tmont open source application. It provides a way to optimize html. A security vulnerability exists in Tmont Pug 3.0.2 and prior versions that stems from the presence of untrusted input that allows execution of arbitrary JavaScript code...

6.8CVSS6.6AI score0.00491EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/01 12:0 a.m.12 views

WordPress Social Pug Plugin < 1.33.1 is vulnerable to Sensitive Data Exposure

Software Social Pug Type Plugin Vulnerable versions 1.33.1 Fixed in 1.33.1 OWASP Top 10 A5: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1526 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ac219e9d734d Credits Krzysztof Zając CERT PL Required...

6.5AI score0.00516EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
added 2024/03/28 12:0 a.m.18 views

WordPress Social Pug Plugin <= 1.33.1 is vulnerable to PHP Object Injection

Software Social Pug Type Plugin Vulnerable versions = 1.33.1 Fixed in 1.33.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2501 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 888eaee51d8b Credits Webbernaut Required privilege Contributo...

7.5CVSS6.8AI score0.00921EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 12:7 p.m.20 views

Security Bulletin: A security vulnerability in Node.js pug/pug-code-gen module affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js pug/pug-code-gen module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2021-21353 DESCRIPTION: Node.js pug and pug-code-gen could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation...

9CVSS8.1AI score0.04269EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2022/12/01 8:26 p.m.48 views

CVE-2021-21353

A vulnerability was found in pug where a malicious user with access to the pretty option of the pug template compiler could achieve remote code execution on the backend through a user provided object...

9CVSS3.5AI score0.04269EPSS
Exploits1References8
Snyk
Snyk
added 2022/08/11 11:43 a.m.4 views

Malicious Package

Overview pug-web-readiness is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/07/26 9:49 a.m.5 views

Malicious code in pug-web-readiness (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5a3a74c1c2aacf398fdb05e794db90e5375cf11705fc9cb04b5aa8c2944e403 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/07/26 9:49 a.m.8 views

MAL-2022-5517 Malicious code in pug-web-readiness (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5a3a74c1c2aacf398fdb05e794db90e5375cf11705fc9cb04b5aa8c2944e403 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/06/04 12:0 a.m.8 views

The vulnerability of the VisitMixin and visitMixinBlock functions in the HTML Pug preprocessor allows a hacker to execute arbitrary code.

The vulnerability of the VisitMixin and visitMixinBlock functions in the HTML Pug preprocessor is related to deficiencies in the process of eliminating special elements from the output data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

9.3CVSS8AI score0.04269EPSS
Exploits1References9Affected Software2
Rows per page
Query Builder