102 matches found
FreeScout Code Issue Vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained code vulnerabilities. These vulnerabilities stemmed from the Helper::sanitizeRemoteUrl function, which...
GHSA-34R5-6J7W-235F Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Description: String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...
Cross-site Scripting (XSS)
Overview: @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Custom CSS field in the Chat Trigger node due to improper sanitization in the sanitize-html library. An authenticated user with permission to create or modify workflows and...
Stored Cross-site Scripting (XSS)
com.liferay.portal, release.portal.bom is vulnerable to Stored cross-site scripting (XSS). The vulnerability is due to insufficient sanitization of rich text fields in web content translation, which allows an attacker to inject malicious HTML or script that executes when viewed by other users...
CVE-2025-54384
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided...
EUVD-1999-1567
Malware in sbrugna...
EUVD-2020-18132
Malware in sbrugna...
EUVD-2019-0900
Malware in sbrugna...
EUVD-2020-21948
Malware in sbrugna...
EUVD-2021-24900
Malware in sbrugna...
EUVD-2024-50550
Malicious code in bioql PyPI...
EUVD-2023-53557
Malicious code in bioql PyPI...
EUVD-2025-5502
Malicious code in bioql PyPI...
EUVD-2023-25579
Malicious code in bioql PyPI...
EUVD-2024-34045
Malicious code in bioql PyPI...
EUVD-2024-1647
Malicious code in bioql PyPI...
EUVD-2024-2797
Malicious code in bioql PyPI...
GHSA-HVQ2-WF92-J4F3 express-xss-sanitizer has an unbounded recursion depth
Security Advisory: express-xss-sanitizer. Overview: A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. Affected Versions: All versions prior to 2.0.1. Patched Versions: 2.0.1 and later. Description: The sanitize...
CVE-2025-59364
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...
Cross-site Scripting (XSS)
enshrined/svg-sanitize is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the cleanXlinkHrefs method only checking lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling XSS or external domain linking...