1162 matches found
Use-After-Free
chromium:sid is vulnerable to Use After Free. Passwords in Google Chrome allows an attacker to remotely compromise the render process to exploit heap corruption using a crafted HTML page causing an application crash...
Remote Code Execution (RCE)
eta is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the Express render API overwriting template engine configuration variables, which allows an attacker to execute arbitrary code. An application is only vulnerable if it is rendering user-submitted data without sanitization...
XSS in compose mail functionality
Description: Reflected cross-site scripting (XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept - Step 1: log in as a normal user. - Step 2: click on webmail and click on compose. - Step 3: now enter "...
Eta vulnerable to Code Injection via templates rendered with user-defined data
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
Remote code execution
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
CVE-2022-25967
The CVE-2022-25967 issue affects the ETA npm package prior to 2.0.0. An RCE vulnerability arises by overwriting template engine configuration variables with view options received from the Express render API, exploitable only when rendering templates with user-supplied data. Remediation: upgrade E...
CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
Eta security vulnerability
Eta is an open-source, lightweight, fast embedded JS template engine. It runs in Node, Deno and browsers. A security vulnerability exists in versions of Eta prior to 2.0.0, which stems from its use of view options received from the Express render API to override template engine configuration...
Cross-Site Scripting (XSS)
@builder.io/qwik is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to improper sanitization of user inputs in render-ssr.ts, which allows an attacker to inject and execute arbitrary JavaScript...
Out-of-bounds
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the validate_protocol function. We believe this bug is harmless in practice, because the out-of-bounds...
SDL security vulnerability
SDL (Simple DirectMedia Layer) is a software application hosted on GitHub. A security vulnerability exists in SDL2 that stems from a potential memory leak in the GLES_CreateTexture function in SDL_render_gles.c, allowing attackers to cause a denial of service...
Cross site scripting
A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The patch is named...
CVE-2014-125034 stiiv contact_app View.php render cross site scripting
A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The patch is named...
CVE-2014-125034 stiiv contact_app View.php render cross site scripting
A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The patch is named...
PT-2023-10104 · Unknown · Stiiv Contact App
Name of the Vulnerable Software and Affected Versions: stiiv contact app (affected versions not specified). Description: A vulnerability has been found in stiiv contact app and classified as problematic. The function render of the file libs/View.php is affected by this issue. The manipulation of the...
Cross site scripting
A vulnerability, which was classified as problematic, was found in yolapi. Affected is the function render_description of the file yolapi/pypi/metadata.py. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is...
PT-2022-8066 · Pypi · Yolapi
Name of the Vulnerable Software and Affected Versions: yolapi (affected versions not specified). Description: A problematic vulnerability was found in yolapi, affecting the render description function of the file yolapi/pypi/metadata.py. The manipulation of the text argument leads to cross-site...