15 matches found
EUVD-2022-4096
Malicious code in bioql PyPI...
MAL-2025-47199 Malicious code in ngx-toastr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1774663df406fad902dc8413cbf9ac9df437d53215cfb394dd10122b768ebc9e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ngx-toastr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1774663df406fad902dc8413cbf9ac9df437d53215cfb394dd10122b768ebc9e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
GHSA-H7G4-65MF-6MXH Cross-site Scripting in Graylog Server
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
Cross-site Scripting in Graylog Server
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
@abp/aspnetcore.mvc.ui.theme.basic (>=0.2.1 <=9.1.3), @abp/aspnetcore.mvc.ui.theme.leptonxlite (>=1.0.0 <=4.1.3) +424 more potentially affected by unknown CVE via toastr (>=2.0.4 <=2.1.4)
toastr NPM version =2.0.4, =0.2.1, =1.0.0, =0.2.3, =4.4.0, =0.3.0, =1.1.0, =1.1.0, =1.1.0, =1.0.1-alpha.0, =1.0.9, =0.5.0, =0.0.1, =1.0.0, =1.0.6 - @bycore/aspnetcore.mvc.ui.theme.basic =3.0.5-beta - @bycore/aspnetcore.mvc.ui.theme.shared =3.0.5-beta and more Source cves: unknown CVE Source...
Cross-site Scripting (XSS)
Overview: toastr is a JavaScript library for non-blocking notifications. jQuery is required. The goal is to create a simple core library that can be customized and extended. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the missing sanitization of message and...
Rocket.Chat: Post-Auth Stored XSS with User Interaction leads to Remote Code Execution
Summary: Unsafe usage of the toastr library leads to Stored XSS when combined with a validation bypass in the createRoom function. Targeting an admin account leads to Remote Code Execution. Description: The frontend uses the toastr library to display error messages to the user. However, it is use...
Cross site scripting
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
CVE-2018-11650
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
CVE-2018-11650
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
CVE-2018-11650
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
CVE-2018-11650
CVE-2018-11650 affects Graylog before 2.4.4, where unescaped text in notifications (util/UserNotification.js, toastr) enables a cross-site scripting (XSS) vulnerability. The issue arises in the notification output path and can allow injection of HTML/JS in user-facing notifications. Multiple conn...
Cross-site Scripting (XSS)
toastr is vulnerable to cross-site scripting (XSS) attacks. The library does not escape script tags, allowing a malicious user to inject and execute arbitrary JavaScript when creating notifications...