10 matches found
EUVD-2021-1698
Malware in sbrugna...
EUVD-2025-14378
Malicious code in bioql PyPI...
CVE-2025-4648
Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from...
CVE-2025-4648
The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...
CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.
The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...
CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.
The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...
CVE-2021-37710
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...
Cross-site Scripting (XSS)
Overview loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper neutralization of data URIs, via the image/svg+xml media type. Details...
Cross-Site Scripting via SVG media files
Impact Cross-Site Scripting via SVG media files Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older versions of...
CVE-2021-37710 Cross-Site Scripting via SVG media files
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...