Passbolt API Stored XSS on first/last name during setup

Description: An administrator can craft a user with a malicious first name and last name, using a payload such as <svg onload="confirm(document.domain)">'); ?&g ...

Passbolt Api Tabnabbing when opening URI with menu “Open URI in a new tab”

Description: A user could create and share a resource with a malicious URI. When the victim opens it with the menu "Open URI in a new tab" function, the malicious page has access to the window.opener obje ...

Pusher Service Channel Authentication Bypass

The service offered by Pusher provides "private" channels with an authentication mechanism that restricts subscription access. The decision on allowing subscriptions to private chann ...

json-schema-ref-parser Prototype Pollution issue

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v11.0.0 and v11.1.0 allows a remote attacker to execute arbitrary code via the bundle(), parse(), resolve(), dereference() ...

Code injection vulnerability in github.com/flipped-aurora/gin-vue-admin/server

Gin-vue-admin has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the 'plugName& ...

CVE-2024-29651

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v11.0.0 and v11.1.0 allows a remote attacker to execute arbitrary code via the bundle(), parse(), resolve(), dereference() ...
