
Vulnerabilities from the last week
Cross-site Scripting (XSS)
@haxtheweb/haxcms-nodejs is the HAXcms Node.js backend.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the processing of uploaded .html files. An attacker can upload an .html file containing a JavaScript payload; when another user opens it, the script runs in that user's session, in the application's own origin. The attacker can then obtain a valid administrator JWT and take full control of the application.
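The upload-to-XSS path above comes down to how the stored file is served back. As an added example (not code from HAXcms or Snyk), here is a response-header policy in Node.js-style JavaScript that turns an uploaded .html into a download instead of a rendered page; the type lists and function names are illustrative:

```javascript
// Added illustration, not code from HAXcms or Snyk. Decides how a server should
// respond when a stored user upload is requested, so that an uploaded .html (or
// SVG/XML) never executes as a page in the application's origin.

// Content types a browser treats as active content, plus the extensions that
// commonly carry them (constructed lists; extend to taste).
const ACTIVE_TYPES = new Set([
  "text/html", "application/xhtml+xml", "image/svg+xml", "text/xml",
  "application/xml", "text/javascript", "application/javascript",
]);
const ACTIVE_EXTENSIONS = new Set(["html", "htm", "xhtml", "svg", "xml", "js", "mjs"]);

// Passive types that are safe to render inline.
const INLINE_TYPES = new Set(["image/png", "image/jpeg", "image/gif", "image/webp", "text/plain"]);

// Keep only characters that cannot break out of the quoted filename parameter
// or inject a header (quotes, CR, LF, path separators are all replaced).
function safeFileName(name) {
  return String(name).replace(/[^\w.\-]/g, "_").slice(0, 128) || "download";
}

// Vulnerable pattern: trust the MIME type recorded at upload time and let the
// browser render whatever it is, inline, on the application's own origin.
function headersTrustingUpload(fileName, declaredType) {
  return { "Content-Type": declaredType }; // fileName is not even consulted
}

// Hardened pattern: active content is always served as a download with a
// neutral type; only allow-listed passive types are rendered inline; MIME
// sniffing is disabled and a sandboxing CSP is sent in case something is
// still rendered (sandbox without allow-scripts blocks all script execution).
function headersForUpload(fileName, declaredType) {
  const ext = String(fileName).toLowerCase().split(".").pop();
  const type = String(declaredType || "").split(";")[0].trim().toLowerCase();
  const active = ACTIVE_TYPES.has(type) || ACTIVE_EXTENSIONS.has(ext);
  const inline = !active && INLINE_TYPES.has(type);
  return {
    "Content-Type": inline ? type : "application/octet-stream",
    "Content-Disposition": `${inline ? "inline" : "attachment"}; filename="${safeFileName(fileName)}"`,
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "sandbox; default-src 'none'",
  };
}
```

The stronger fix, where the deployment allows it, is to serve uploads from a separate origin so that even a payload that does get rendered cannot reach the application's cookies or storage.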
Cross-site Scripting (XSS)
nicegui is a Python framework for creating web-based user interfaces ("the nice way").
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the pushstate event listener, which reads the URL fragment identifier and uses it without sanitization. Because an embedding page can change a framed document's fragment without reloading it, an attacker can execute arbitrary JavaScript in the context of the affected application by embedding the target site in an iframe and altering the fragment portion of the URL.
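The mechanism is DOM-based XSS: a listener for history navigation reads `location.hash` and writes it into the page, and the fragment of a framed document can be changed by the embedding page without a reload. The following added example (not NiceGUI's or Snyk's code; the route names and the `q` parameter are invented) shows a minimal fragment router in its vulnerable and hardened forms:

```javascript
// Added illustration, not NiceGUI's or Snyk's code. A tiny fragment-based
// router of the kind the advisory describes, vulnerable and hardened.
// Route names and the "q" parameter are made up for the example.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" })[c]);
}

// "#route?key=value" -> { route, q }. Both halves are attacker-controlled: a
// page embedding the app in an iframe can set frame.src to the same URL with a
// new fragment, which navigates the frame in place and fires popstate inside it.
function parseFragment(hash) {
  const raw = String(hash).replace(/^#/, "");
  const i = raw.indexOf("?");
  const routeRaw = i === -1 ? raw : raw.slice(0, i);
  const query = i === -1 ? "" : raw.slice(i + 1);
  let route;
  try { route = decodeURIComponent(routeRaw); } catch { route = ""; } // malformed %-escape
  return { route, q: new URLSearchParams(query).get("q") || "" };
}

// Vulnerable: decoded fragment pieces are interpolated straight into markup
// that the caller assigns to innerHTML.
function renderFragmentVulnerable(hash) {
  const { route, q } = parseFragment(hash);
  return `<h1>${route}</h1><p>Results for ${q}</p>`;
}

// Hardened: the route is matched against an allow-list and anything echoed
// back is HTML-escaped (or, better still, written with textContent).
const KNOWN_ROUTES = new Set(["home", "settings", "about"]);
function renderFragmentSafe(hash) {
  const { route, q } = parseFragment(hash);
  const title = KNOWN_ROUTES.has(route) ? route : "not-found";
  return `<h1>${escapeHtml(title)}</h1><p>Results for ${escapeHtml(q)}</p>`;
}

// Browser wiring (skipped under Node): repaint on history navigation.
function installRouter(win, outlet) {
  const paint = () => { outlet.innerHTML = renderFragmentSafe(win.location.hash); };
  win.addEventListener("popstate", paint); // also fires for fragment-only navigations
  paint();
}
if (typeof window !== "undefined" && typeof document !== "undefined") {
  installRouter(window, document.body);
}
```

Note that escaping alone is the right fix only when the value ends up in HTML text; a fragment that is used as a URL, a CSS value or an event handler needs the encoding for that context instead.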
Improper Neutralization of Special Elements Used in a Template Engine
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the getTemplate function. An attacker can execute arbitrary code on the server by injecting malicious FreeMarker templates through the email template editing API when authenticated with administrative privileges.
Note: This is only exploitable if the attacker has access to an account with admin-level permissions.
Recent vulnerabilities disclosed by Snyk
- [High] Prototype Pollution in pace-js (npm)
- [Critical] Remote Code Execution (RCE) in n8n-workflow (npm)
- [Critical] Remote Code Execution (RCE) in n8n-nodes-base (npm)
- [Critical] Remote Code Execution (RCE) in @n8n/config (npm)
- [Medium] Cross-site Request Forgery (CSRF) in fastapi-sso (pip)
Snyk security researchers have disclosed 3455 vulnerabilities.
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




