Page 2 of 13 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags. Una mala lógica de comprobación en el Dart SDK versiones anteriores a 2.12.3 permite a un atacante usar un ataque de tipo XSS por medio de DOM clobbering. La lógica de comprobación en dart: html para crear nodos DOM a partir de texto no se saneaban apropiadamente cuando se encontraba con etiquetas de plantilla • https://github.com/dart-lang/sdk/commit/ce5a1c2392debce967415d4c09359ff2555e3588 https://github.com/dart-lang/sdk/security/advisories/GHSA-3rfv-4jvg-9522 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request. Se detectó un problema en el paquete http versiones hasta 0.12.2 para Dart. Si el atacante controla el método HTTP y la aplicación está usando una Request directamente, es posible lograr una inyección de CRLF en una petición HTTP • https://github.com/n0npax/CVE-2020-35669 https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133 https://github.com/dart-lang/http/issues/511 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0

An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements. Un saneamiento HTML inapropiado en Dart versiones hasta 2.7.1 y las versiones dev 2.8.0-dev.16.0, permite a un atacante aprovechar las técnicas DOM Clobbering para omitir el saneamiento e inyectar html/javascript personalizado (XSS). • https://github.com/dart-lang/sdk/security/advisories/GHSA-hfq3-v9pv-p627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request. Una desreferencia del puntero NULL en PowerTCP WebServer para ActiveX versión 1.9.2 y anteriores, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de una petición HTTP diseñada. • http://www.securityfocus.com/bid/58940 https://exchange.xforce.ibmcloud.com/vulnerabilities/83310 • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 6%CPEs: 1EXPL: 3

Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request. Vulnerabilidad de consumo de pila en dartwebserver.dll v1.9 y anteriores, como se usan en Dart PowerTCP WebServer para ActiveX y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída del demoni) a través de una petición larga. • https://www.exploit-db.com/exploits/37905 http://sadgeeksinsnow.blogspot.dk/2012/09/my-first-experiences-bug-hunting-part-1.html http://www.securityfocus.com/archive/1/524273 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •