14 matches found
EUVD-2024-51928
Malicious code in bioql PyPI...
EUVD-2024-51927
Malicious code in bioql PyPI...
SUSE CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2024-53272
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The login and social media function in RegisterLoginReset.vue contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify...
CVE-2024-53273
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in RegisterLoginReset.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious...
Habitica cross-site scripting vulnerability
Habitica is an open source habit-forming program open-sourced by HabitRPG. A cross-site scripting vulnerability exists in Habitica versions prior to 5.28.5 that stems from incorrect cleanup functionality and is susceptible to reflected cross-site scripting attacks...
Habitica cross-site scripting vulnerability
Habitica is an open source habit-forming program open-sourced by HabitRPG. A cross-site scripting vulnerability exists in Habitica versions prior to 5.28.5 that stems from incorrect cleanup functionality and is susceptible to reflected cross-site scripting attacks...
CVE-2024-53274 GHSL-2024-111: Reflected XSS in /home in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...
CVE-2024-53274 GHSL-2024-111: Reflected XSS in /home in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...
CVE-2024-53273
Habitica (open‑source app) has a reflected XSS in the /register path prior to version 5.28.5. The vulnerability arises from an incorrect sanitization in the RegisterLoginReset.vue component, allowing a malicious redirectTo parameter to trigger the attack and potentially gain control of a victim’s...
CVE-2024-53273 GHSL-2024-110: Reflected XSS in /register in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in RegisterLoginReset.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious...
CVE-2024-53272 GHSL-2024-109: Reflected XSS in /login in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The login and social media function in RegisterLoginReset.vue contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify...
CVE-2024-53272
Habitica (open-source habit tracker) is affected by a reflected XSS in versions before 5.28.5. The vulnerability occurs in the login and social media flows handled by RegisterLoginReset.vue, caused by an improper sanitization function. An attacker can craft a malicious redirectTo parameter in a l...
CVE-2024-53272 GHSL-2024-109: Reflected XSS in /login in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The login and social media function in RegisterLoginReset.vue contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify...