15 matches found
Malicious code in @cloudplatform-single-spa/opensearch (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @polka-ui/loader (npm)
Source: amazon-inspector f93cf8dde7e6a1252424fc82f38e8502a37d9e427d92d412fd8944c91b8ee5a4 On npm install, scripts/postinstall.js downloads a per-OS payload from https://oob.moika.tech/payload/linux|mac|win, writes it to /tmp/.polka-uiinit....
EUVD-2020-12927
Malware in sbrugna...
CVE-2020-20140
Cross Site Scripting XSS vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17...
SUSE CVE-2016-2820
The Firefox Health Reports aka FHR or about:healthreport feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element...
Dell Wyse Management Suite Security Vulnerability
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized Wyse endpoint management, asset tracking, and automated device discovery. Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: https://www.flexmonster.com/ Version:Flexmonster Pivot Table & Charts 2.7.17 Tested on:Flexmonster Pivot Table & Charts 2.7.17 CVE : CVE-2020-20140...
CVE-2020-20140
Cross Site Scripting XSS vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20140
Cross Site Scripting XSS vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17...
Cross site scripting
Cross Site Scripting XSS vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20140
CVE-2020-20140 is a reflected XSS in Flexmonster Pivot Table & Charts 2.7.17, affecting the Remote Report component under the Open menu. Exploit details indicate the issue stems from insufficient input sanitization of the 'path' parameter in file_specs.php, enabling payload execution. Affected pr...
CVE-2020-20140
Cross Site Scripting XSS vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17...
Flexmonster Pivot Table & Charts Cross-Site Scripting Vulnerability
Flexmonster Pivot Table & Charts is a Javascript-based codebase for viewing, analyzing, and managing multidimensional data online from Flexmonster. A cross-site scripting vulnerability exists in Flexmonster Pivot Table & Charts 2.7.17, which originates in the Remote Report component under the Ope...
sonpushido.com Cross Site Scripting vulnerability OBB-1213095
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2016-2820
The Firefox Health Reports aka FHR or about:healthreport feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element...