3 matches found
GHSA-4G46-5GRC-WQ49 Cross-Site Scripting in seeftl
All versions of seeftl are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consider using a...
Microsoft Windows PowerShell Command Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell is a...
Cross-site Scripting (XSS)
buttle is vulnerable to cross-site scripting XSS attacks. The library does not sanitize filenames, allowing a malicious user to inject and execute arbitrary Javascript using a iframe tag as a filename...