10 matches found
EUVD-2022-1631
Malicious code in bioql PyPI...
Permissive parameters and privilege escalation
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...
Steve Pallen Xain Cross-Site Scripting Vulnerability
Steve Pallen Xain is a library that provides HTML markup for Elixir. A cross-site scripting vulnerability exists in versions of Steve Pallen Xain prior to 0.6.2, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'order' parameter...
CVE-2018-20301
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...
CVE-2018-20301
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...
CVE-2018-20301
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints e.g., creating, editing, updating allow users to update any coherencefields data. For example, users can automatically confirm their accounts ...
CVE-2018-20302
An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter...
CVE-2018-20302
An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter...
CVE-2018-20302
Steve Pallen Xain is affected by an XSS vulnerability in versions prior to 0.6.2, exploitable via the order parameter. The issue is reported across multiple sources (CVE-2018-20302, related advisories). Remediation: upgrade to Xain 0.6.2 or newer to mitigate.
CVE-2018-20302
An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter...