Security
Headlines
HeadlinesLatestCVEs

Tag

#js

CVE-2020-23257: IIlegal memory access may lead to arbitrary memory write inside jsvGarbageCollectMarkUsed · Issue #1820 · espruino/Espruino

Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.

CVE
#vulnerability#ubuntu#linux#dos#js#c++#buffer_overflow
CVE-2020-22533: XSS vulnerability in all versions of zentao · Issue #1 · liuyusjs/zentao

Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter

CVE-2020-20913: search has SQL injection vulnerability · Issue #27 · ming-soft/MCMS

SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.

CVE-2020-19698: XSS vulnerability found via <script> src attribute · Issue #700 · pandao/editor.md

Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.

CVE-2021-3267: File upload vulnerability leads to getshell · Issue #6 · Kitesky/KiteCMS

File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.

CVE-2020-23260

An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.

CVE-2020-23259

An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.

CVE-2020-23258

An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.

CVE-2023-26777: Script tag in Footer Text breaks window.preloadData at Status Page · Issue #2186 · louislam/uptime-kuma

Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.

CVE-2023-25305: Five vulnerabilities found in mrpack installer implementations

PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.