CVE-2013-7452 (node.js)
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
Source: CVE-2013-7452 (node.js)
[월:] 2017년 01월
CVE-2016-0765 (eshop_plugin)
CVE-2016-0765 (eshop_plugin)
Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.
Source: CVE-2016-0765 (eshop_plugin)
CVE-2015-8971 (debian_linux, terminology)
CVE-2015-8971 (debian_linux, terminology)
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then written to the terminal, a similar issue to CVE-2003-0063.
CVE-2013-7453 (node.js)
CVE-2013-7453 (node.js)
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
Source: CVE-2013-7453 (node.js)
CVE-2015-8859 (node.js)
CVE-2015-8859 (node.js)
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
Source: CVE-2015-8859 (node.js)
CVE-2015-8315 (node.js)
CVE-2015-8315 (node.js)
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Source: CVE-2015-8315 (node.js)
CVE-2013-7454 (node.js)
CVE-2013-7454 (node.js)
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
Source: CVE-2013-7454 (node.js)
CVE-2015-8860 (node.js)
CVE-2015-8860 (node.js)
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
Source: CVE-2015-8860 (node.js)
CVE-2014-9772 (node.js)
CVE-2014-9772 (node.js)
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
Source: CVE-2014-9772 (node.js)
CVE-2015-4626
CVE-2015-4626
B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.
Source: CVE-2015-4626