22 matches found
EUVD-2021-0869
Malware in sbrugna...
EUVD-2019-4619
Malware in sbrugna...
CVE-2020-8129
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
CVE-2019-13066
Sahi Pro 8.0.0 has a script manager arena located at s/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger...
CVE-2022-43938 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports .prpt through the JVM script manager...
Integrating Akamai mPulse with Consent Management Providers
Akamai mPulse is a real user monitoring solution, providing detailed information about the user experiences delivered by your web applications. mPulse can be configured within your Akamai property to automatically start collecting data from your customer visits. This initial setup will gather the...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
Code Injection in script-manager
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
GHSA-RHWF-HQPR-Q8G2 Code Injection in script-manager
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
Remote Code Execution (RCE)
jsreport is vulnerable to remote code execution RCE. Of a variety of packages it consists, the Script-manager utilized for running user's scripts in a sandbox has an unintended require vulnerability and Puppeteer utilized for turning user's HTML into pdf files has SSRF Server Side Request Forgery...
CVE-2020-8129
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
CVE-2020-8129
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
Code injection
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
CVE-2020-8129
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
Arbitrary Code Execution
script-manager is vulnerable to arbitrary code execution. The vulnerability exists as it was possible to include arbitrary scripts through the value of execModulePath...
CVE-2019-13066
Sahi Pro 8.0.0 has a script manager arena located at s/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger...
CVE-2019-13066
Sahi Pro 8.0.0 has a script manager arena located at s/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger...
Cross site scripting
Sahi Pro 8.0.0 has a script manager arena located at s/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger...
CVE-2019-13066
Sahi Pro 8.0.0 has a script manager arena located at s/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger...
CVE-2019-13066
Sahi Pro 8.0.0 contains a reflected XSS vulnerability in the script manager arena at /s /dyn/pro/DBReports. The issue is triggered by manipulating the sql parameter (and relevant fields such as Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment), allowing an ...