| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. |
| A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055. |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. |
| An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. |
| A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. |
| A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. |
| A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. |
| A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. |
| A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. |
| A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names. |
| A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering. |
| A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. |
| A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript. |
| There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. |
| In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. |
| A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument. |
| A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options. |
| A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID. |
| An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser. |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature. |
