43 matches found
EUVD-2020-29206
Malware in sbrugna...
EUVD-2019-0095
Malware in sbrugna...
EUVD-2022-3464
Malicious code in bioql PyPI...
cross-site inclusion (XSSI) of files in jupyter-server
Impact: Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". Patches: Jupyter Server 2.7.2. Workarounds: Use lower performance...
CVE-2023-40170 cross-site inclusion (XSSI) of files in jupyter-server
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
Mageia: Security Advisory (MGASA-2022-0323)
The remote host is missing an update for the...
USN-5585-1: Jupyter Notebook vulnerabilities
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting (XSS) attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19351) It...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5585-1 advisory. It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack ...
GHSA-9XFC-J5MF-9W5P JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack...
JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack...
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of erro...
Cross-Site Script Inclusion (XSSI)
Cross-Site Script Inclusion (XSSI) is the inclusion of a remote page. This vulnerability allows, among other things, bypassing the browser's Same-Origin Policy mechanism. By forcing a victim to navigate to a malicious site, rather than making a direct request with JavaScript to the desired...
CVE-2020-8339
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a...
Cross site scripting
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a...
CVE-2020-8339
The CVE-2020-8339 XSSI vulnerability affects the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to firmware 3.68n. An authenticated user can have credentials disclosed if lured to a malicious site (phishing) due to XSSI in AMM’s web UI; the JavaScript executes in the ...
XSSI Vulnerability in legacy IBM BladeCenter AMM - Lenovo Support US
Lenovo Security Advisory: LEN-38385. Potential Impact: Information disclosure. Severity: Medium. Scope of Impact: Lenovo-specific. CVE Identifier: CVE-2020-8339. Summary Description: A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Modu...
XSSI Vulnerability in legacy IBM BladeCenter AMM - Lenovo Support US
No description provided...
LKWA - Lesser Known Web Attack Lab
Lesser Known Web Attack Lab is for intermediate pentesters who want to test and practice lesser-known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable, etc. Write-ups are welcome. Installation: Just clone the git with git clone https://github.com/weev3/LKWA and mov...
PayPal: Token leak in security challenge flow allows retrieving victim's PayPal email and plain text password
A bug was identified whereby sensitive, unique tokens were being leaked in a JS file used by the recaptcha implementation. In certain cases, a user must solve a CAPTCHA challenge after authenticating. When the security challenge is completed, the authentication request is replayed to log in. The...