|
202831
|
7.2 |
HIGH
Network
|
chaijis
|
pathval
|
pathval before version 1.1.1 is vulnerable to prototype pollution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7751
|
2024-11-21 14:37 |
2020-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202832
|
9.6 |
CRITICAL
Network
|
mit
|
scratch-svg-renderer
|
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7750
|
2024-11-21 14:37 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202833
|
4.3 |
MEDIUM
Network
|
raiseitsolutions
|
rits_browser
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browse…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-7371
|
2024-11-21 14:37 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202834
|
4.3 |
MEDIUM
Network
|
boltbrowser
|
bolt_browser
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-7370
|
2024-11-21 14:37 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202835
|
4.3 |
MEDIUM
Network
|
yandex
|
yandex_browser
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browse…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-7369
|
2024-11-21 14:37 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202836
|
4.3 |
MEDIUM
Network
|
ucweb
|
uc_browser
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browse…
|
NVD-CWE-Other
|
CVE-2020-7364
|
2024-11-21 14:37 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202837
|
4.3 |
MEDIUM
Network
|
ucweb
|
uc_browser
|
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browse…
|
NVD-CWE-noinfo
|
CVE-2020-7363
|
2024-11-21 14:37 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202838
|
7.6 |
HIGH
Network
|
osm-static-maps_project
|
osm-static-maps
|
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to injec…
|
CWE-79
CWE-74
Cross-site Scripting
Injection
|
CVE-2020-7749
|
2024-11-21 14:37 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202839
|
8.1 |
HIGH
Network
|
ts.ed_project
|
ts.ed
|
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attac…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7748
|
2024-11-21 14:37 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202840
|
6.3 |
MEDIUM
Network
|
lightning-viz
|
lightning
|
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.
|
CWE-79
Cross-site Scripting
|
CVE-2020-7747
|
2024-11-21 14:37 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
