39 matches found
EUVD-2021-2435
Malware in sbrugna...
EUVD-2022-2573
Malicious code in bioql PyPI...
EUVD-2023-1747
Malicious code in bioql PyPI...
ChanCMS security vulnerability
ChanCMS is a content management system by the individual developer yanyutao0402 in China. ChanCMS 3.1.2 and earlier versions contain a path traversal vulnerability caused by improper behavior of the function delfile in the file app/extend/utils.js...
CVE-2023-26133
All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend in the file utils.js...
CVE-2021-3815
utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
MAL-2024-7883 Malicious code in layout-utils.js (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality...
Malicious code in layout-utils.js (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality...
Prototype Pollution
progressbar.js is vulnerable to Prototype Pollution. The vulnerability exists in the extend function in utils.js, which allows an attacker to inject and modify malicious properties such as __proto__, resulting in prototype pollution...
GHSA-89QM-HM2X-MXM3 progressbar.js vulnerable to Prototype Pollution
All versions of the package progressbar.js prior to 1.1.1 are vulnerable to Prototype Pollution via the function extend in the file utils.js...
CVE-2023-26133
All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend in the file utils.js...
CVE-2023-26133
Progressbar.js (package) is affected by a Prototype Pollution vulnerability via extend() in utils.js. All versions prior to 1.1.1 are vulnerable; a fix takes effect in 1.1.1 and later. If exploiting details are provided in the connected docs, remediation is to upgrade to 1.1.1 or newer. Other sou...
ProgressBar.js security vulnerability
ProgressBar.js is a responsive progress bar by the individual developer Kimmo Brunfeldt. ProgressBar.js has a security vulnerability that stems from prototype pollution via the function extend in the file utils.js...
PT-2023-20512 · Unknown · Progressbar.Js
Name of the Vulnerable Software and Affected Versions: progressbar.js versions prior to 1.1.1 Description: The issue concerns Prototype Pollution via the extend function in the utils.js file. This affects the progressbar.js package. Recommendations: For versions prior to 1.1.1, update to version...
Cross site scripting
A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is...
CVE-2022-4929 icplayer tts-utils.js cross site scripting
A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is...
PT-2023-15916 · Icplayer · Icplayer
Name of the Vulnerable Software and Affected Versions: icplayer versions up to 0.818 Description: A vulnerability was found in icplayer, affecting some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched...
Privilege Escalation
nodebb is vulnerable to privilege escalation. The vulnerability exists due to the insecure pseudo-random number generator in the module.exports function of utils.js, allowing an attacker to provide a specially crafted script combined with multiple invocations of the password reset functionality a...
Cross-site Scripting (XSS)
joplin is vulnerable to cross-site scripting. The vulnerability exists because the surroundKeywords function of string-utils.js does not properly escape malicious HTML code in the valueRegex and value parameters, allowing an attacker to inject and execute malicious JavaScript...