7 matches found
redis-commander (>=0.6.7 <=0.7.2) potentially affected by CVE-2022-30241 via jquery.json-viewer (=1.4.0)
jquery.json-viewer NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on jquery.json-viewer and may be impacted:
- redis-commander =0.6.7, =0.7.2
Source CVEs: CVE-2022-30241
Source advisory: OSV:GHSA-QP2Q-6H9J-JG2R...
Reflected Cross-Site Scripting in redis-commander
Affected versions of redis-commander contain a cross-site scripting vulnerability in the highlighterId parameter of the clipboard.swf component on hosts serving Redis Commander. Mitigating factors: Flash must be installed / enabled for this to work. The below proof of concept was verified to work...
GHSA-8C8C-4VFJ-RRPC Reflected Cross-Site Scripting in redis-commander
Affected versions of redis-commander contain a cross-site scripting vulnerability in the highlighterId parameter of the clipboard.swf component on hosts serving Redis Commander. Mitigating factors: Flash must be installed / enabled for this to work. The below proof of concept was verified to work...
Timing Attack
redis-commander is vulnerable to timing attack. A remote attacker is able to perform password guessing by analyzing the response time of the application during password validation...
Reflected Cross-site Scripting (XSS)
redis-commander is vulnerable to reflected cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through the highlighterId parameter in the web/static/jstree/docs/syntax/clipboard.swf file...
Reflected Cross-Site Scripting
Overview: Affected versions of redis-commander contain a cross-site scripting vulnerability in the highlighterId parameter of the clipboard.swf component on hosts serving Redis Commander. Mitigating factors: Flash must be installed / enabled for this to work. The below proof of concept was verified...
Node.js third-party modules: [redis-commander] Reflected SWF XSS via vulnerable "clipboard.swf" component
Hi, An injection in the highlighterId parameter of the clipboard.swf component can be used to reflect JavaScript in the context of hosts running Redis Commander. Module specification Name: redis-commander Version: 0.4.5 latest release build Verified conditions Test server: Ubuntu 16.04 LTS Browse...