Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.4 views

SUSE CVE-2021-23358

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...

7.2CVSS6.5AI score0.04087EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2021/07/22 3:14 p.m.7 views

nodejs-underscore: Arbitrary code execution via the template function

A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.2CVSS7.5AI score0.04087EPSS
Exploits2References4
Huntr
Huntr
added 2021/07/19 3:9 a.m.14 views

Cross-site Scripting (XSS) - DOM in alovoa/alovoa

✍️ Description It is possible to run JavaScript code in the webpage by DOM unsanitized properties. The function onChangeLocal sets the value of window.location.search directly from the URL, without previous checks. 🕵️‍♂️ Proof of Concept // Vulnerable function in file fragments.html:139 function...

7AI score
Exploits0References1
OSV
OSV
added 2021/05/06 4:9 p.m.3 views

GHSA-CF4H-3JHX-XVHQ Arbitrary Code Execution in underscore

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized...

9.8CVSS6.8AI score0.04087EPSS
Exploits2References31
Rows per page
Query Builder