20 matches found
MAL-2026-2351 Malicious code in dotenv-xtend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6523f1fff137b4db7fd0ed316a5d88d808ecb32bf0456c9977cdae82564f15d The package dotenv-xtend was found to contain malicious code...
Malicious code in dotenv-xtend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6523f1fff137b4db7fd0ed316a5d88d808ecb32bf0456c9977cdae82564f15d The package dotenv-xtend was found to contain malicious code...
EUVD-2020-16362
Malware in sbrugna...
EUVD-2022-5161
Malicious code in bioql PyPI...
CVE-2020-23618
A reflected cross site scripting XSS vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page...
GHSA-RFJ2-4G26-7JW5 Potentially compromised builds
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...
CVE-2019-10249
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...
Xtend Cross-Site Scripting Vulnerability
Xtend is a general-purpose high-level programming language for the Eclipse Foundation's Java Virtual Machine. Xtend Voice Logger version 1.0 has a security vulnerability that stems from a cross-site scripting vulnerability in the error page. An attacker can use the vulnerability to execute...
CVE-2020-23618
A reflected cross site scripting XSS vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page...
CVE-2020-23618
A reflected cross site scripting XSS vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page...
Cross site scripting
A reflected cross site scripting XSS vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page...
CVE-2020-23618
A reflected cross site scripting XSS vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page...
CVE-2020-23618
CVE-2020-23618: Reflected XSS in Xtend Voice Logger 1.0 . Multiple connected records confirm a reflected cross-site scripting vulnerability in the error page path of Xtend Voice Logger 1.0, enabling attackers to execute arbitrary web scripts/HTML in a victim’s browser. The CVE is documented with ...
Xtend 跨站脚本漏洞
Xtend is a general-purpose high-level programming language for the Eclipse Foundation's Java Virtual Machine. Xtend Voice Logger version 1.0 has a security vulnerability that stems from a cross-site scripting vulnerability in the error page. An attacker can use the vulnerability to execute...
Man-in-the-Middle (MitM)
Xtend Maven Plugin is vulnerable to man-in-the-middle MitM attack. The plugins are downloaded over an insecure HTTP channel, which would allow a man-in-the-middle attacker to modify and add malicious code into the plugins...
CVE-2019-10249
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...
Design/Logic Flaw
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...
CVE-2019-10249
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...
CVE-2019-10249
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...
CVE-2019-10249
CVE-2019-10249 affects all Xtext and Xtend versions prior to 2.18.0 where artifacts were built over HTTP instead of HTTPS, creating a risk that build artifacts could be compromised. The connected sources corroborate a MITM-style risk during builds and describe a remediation: upgrade to org.eclips...