Security
Headlines
HeadlinesLatestCVEs

Tag

#nodejs

CVE-2023-46494: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @evershop/evershop - Cx8ecec391-2014 - DevHub

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx.

CVE
Open in Source
#xss#vulnerability#web#nodejs#js
CVE-2023-46499: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @evershop/evershop - Cx0f8b38be-d5de - DevHub

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel.

CVE-2023-46498: Improper Authorization in @evershop/evershop - Cx8b24ace3-0c9a - DevHub

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.

CVE-2023-46497: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in @evershop/evershop - Cx16846793-56b6 - DevHub

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.

CVE-2023-46495: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @evershop/evershop - Cxbc6d4599-c1bd - DevHub

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.

CVE-2023-46496: Relative Path Traversal in @evershop/evershop - Cx943be66a-54cc - DevHub

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.

CVE-2023-46493: Relative Path Traversal in @evershop/evershop - Cxa4d94170-be41 - DevHub

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. "More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes," Jacob Baines, chief technology officer at VulnCheck, said in a report shared with The Hacker News. "More than 6,000 repositories were vulnerable to repojacking due to account

GHSA-4g6q-77j7-vvjc: Logging of the firestore key within nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue