14 matches found
EUVD-2011-1714
Malware in sbrugna...
EUVD-2022-4743
Malicious code in bioql PyPI...
GHSA-PCHF-755W-JJ6V QooxDoo XSS in Callback Parameter
Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
QooxDoo XSS in Callback Parameter
Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
CVE-2011-1715
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f encoded dot dot sequences in the file parameter...
CVE-2011-1714
Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
CVE-2011-1714
Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
Directory traversal
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f encoded dot dot sequences in the file parameter...
CVE-2011-1715
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f encoded dot dot sequences in the file parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
CVE-2011-1715
CVE-2011-1715 describes a directory traversal vulnerability in EyeOS-integrated QooxDoo components (notably the file devtools/qooxdoo-sdk/framework/source/resource/qx/test/part/delay.php). The flaw allows remote attackers to read arbitrary files by supplying encoded dot-dot sequences in the file ...
CVE-2011-1714
Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
CVE-2011-1714
The vulnerability is an XSS in QooxDoo’s jsonp_primitive.php (framework/source/resource/qx/test/jsonp_primitive.php) affecting QooxDoo 1.3 and possibly other versions, as used by eyeOS 2.2/2.3. The underlying issue is reflected script injection via the callback parameter. Current documents do not...
CVE-2011-1715
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f encoded dot dot sequences in the file parameter...