7 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GET /public/api/resources/download endpoint when serving SVG files without a proper Content Security Policy header. An attacker can execute arbitrary JavaScript in the context of users' browsers by...
Resources Downloaded Over Insecure Protocol
gradio is vulnerable to Resources Downloaded over Insecure Protocol. The vulnerability is due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP...
CVE-2023-25787
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Wbolt team WP资源下载管理 plugin = 1.3.9 versions...
GHSA-HJGP-8FFR-HWWR closurecompiler downloads Resources over HTTP
Affected versions of closurecompiler insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
GHSA-2R5H-GH4X-8HP9 Resources Downloaded over Insecure Protocol in igniteui
Affected versions of igniteui download Javascript and CSS resources over an unencrypted HTTP connection. An attacker with a privileged network position can intercept and view or modify any content sent or recieved over an unencrypted HTTP connection. Recommendation The igniteui package has been...
CVE-2016-10667
selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on th...
CVE-2016-10630
install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks...