Lucene search
K

7 matches found

Snyk
Snyk
added 2026/05/07 3:29 a.m.7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GET /public/api/resources/download endpoint when serving SVG files without a proper Content Security Policy header. An attacker can execute arbitrary JavaScript in the context of users' browsers by...

5.4CVSS5.8AI score
Exploits0References2
Veracode
Veracode
added 2024/10/16 10:45 a.m.9 views

Resources Downloaded Over Insecure Protocol

gradio is vulnerable to Resources Downloaded over Insecure Protocol. The vulnerability is due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP...

7.5CVSS7.1AI score0.00208EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/05/03 11:15 a.m.2 views

CVE-2023-25787

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Wbolt team WP资源下载管理 plugin = 1.3.9 versions...

4.8CVSS6.6AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2019/02/18 11:51 p.m.3 views

GHSA-HJGP-8FFR-HWWR closurecompiler downloads Resources over HTTP

Affected versions of closurecompiler insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

8.1CVSS6.3AI score0.01682EPSS
Exploits0References4
OSV
OSV
added 2019/02/18 11:40 p.m.17 views

GHSA-2R5H-GH4X-8HP9 Resources Downloaded over Insecure Protocol in igniteui

Affected versions of igniteui download Javascript and CSS resources over an unencrypted HTTP connection. An attacker with a privileged network position can intercept and view or modify any content sent or recieved over an unencrypted HTTP connection. Recommendation The igniteui package has been...

7.4CVSS7.3AI score0.00534EPSS
Exploits0References3
NVD
NVD
added 2018/06/04 4:29 p.m.27 views

CVE-2016-10667

selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on th...

9.3CVSS8.3AI score0.01752EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/01 6:0 p.m.23 views

CVE-2016-10630

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

5.7AI score0.00547EPSS
Exploits0References1
Rows per page
Query Builder