CVE-2024-47872 Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...
CVE-2024-47872
Technical details about CVE-2024-47872 are not publicly provided in the connected documents. Please monitor for updates from official advisories for affected products, components, versions, and remediation steps.
GHSA-GVV6-33J7-884G Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view...
WordPress WooCommerce Multiple Free Gift plugin <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding vulnerability
Insufficient Server-Side Validation to Arbitrary Gift Adding vulnerability discovered by Danielius Vargonas in WordPress Plugin WooCommerce Multiple Free Gift versions <= 1.2.3...
CVE-2022-3459 WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to the plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add...
The vulnerability of the Kubernetes Linkerd security tool for clusters lies in insufficient validation of requests on the server side. This allows a malicious actor to perform an SSRF attack and cause service failure.
The vulnerability of the Kubernetes Linkerd security tool for clusters is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack and cause a service failure by sending specially crafted requests to...
PT-2024-29000 · Changing Information Technology · Tcbservisign
Name of the Vulnerable Software and Affected Versions: TCBServiSign Windows Version from CHANGING Information Technology affected versions not specified Description: The issue concerns improper validation of server-side input in a specific API. This allows unauthenticated remote attackers to caus...
PT-2024-4802
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to insufficient server-side request validation, allowing a remote attacker to disclose protected information. There is no information provided about...
Security Bulletin: Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting ( CVE-2023-42014).
Summary In Sterling B2B Integrator Standard Edition Console, the Content-Security-Policy header in the console for B2Bi is not set to the strictest available value. The Content-Security-Policy that is set by the server allows inline JavaScript and "eval" functions in the browser. Allowing inline...
Prototype Pollution
Conform is vulnerable to prototype pollution. The vulnerability is due to the nested object parsing, allowing attackers to trigger prototype pollution by passing crafted input to parseWith functions. Applications using Conform for server-side validation of form data or URL parameters are affected...
GHSA-624G-8QJG-8QXF Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
Summary Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...
CVE-2024-32866
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-32866
CVE-2024-32866 concerns Conform, a type-safe form validation library. The issue enables prototype pollution through parsing of nested objects (object.property) in parseWith… functions due to an improper implementation in versions prior to 1.1.1. This affects server-side validation of form data or...
CVE-2024-1599
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...