Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in purl 2.3.2 allows a malicious user to inject properties into Object.prototype. Date published : 2021-04-23 https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/purl.md
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype. Date published : 2021-04-23 https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. Date published : 2021-04-23 https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-deparam.md
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. Date published : 2021-04-23 https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-bbq.md
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype. Date published : 2021-04-23 https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/backbone-qp.md
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. Date published : 2021-04-23 https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-sparkle.md
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. Date published : 2021-04-23 https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-query-object.md
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message. Date published :...
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector Date...
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL...
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class...
An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes...
An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system....
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of...