CVE-2007-6758
https://notcve.org/view.php?id=CVE-2007-6758
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. Vulnerabilidad de tipo server-side request forgery (SSRF) en el archivo feed-proxy.php en extjs versión 5.0.0. • http://attrition.org/pipermail/vim/2007-April/001545.html http://cxsecurity.com/issue/WLB-2015050162 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2013-4691
https://notcve.org/view.php?id=CVE-2013-4691
Sencha Labs Connect has XSS with connect.methodOverride() Sencha Labs Connect tiene una vulnerabilidad de tipo XSS con la función connect.methodOverride(). • http://github.com/senchalabs/connect/issues/831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-7371
https://notcve.org/view.php?id=CVE-2013-7371
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) node-connects versiones anteriores a 2.8.2, presenta una vulnerabilidad de tipo cross site scripting en el middleware de Sencha Labs Connect (vulnerabilidad debido a una corrección incompleta para el CVE-2013-7370) • http://www.openwall.com/lists/oss-security/2014/04/21/2 http://www.openwall.com/lists/oss-security/2014/05/13/1 https://access.redhat.com/security/cve/cve-2013-7371 https://exchange.xforce.ibmcloud.com/vulnerabilities/92710 https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting https://security-tracker.debian.org/tracker/CVE-2013-7371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-7370
https://notcve.org/view.php?id=CVE-2013-7370
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect. • http://www.openwall.com/lists/oss-security/2014/04/21/2 http://www.openwall.com/lists/oss-security/2014/05/13/1 https://access.redhat.com/security/cve/cve-2013-7370 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting https://security-tracker.debian.org/tracker/CVE-2013-7370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-8046
https://notcve.org/view.php?id=CVE-2018-8046
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. El método getTip() de Action Columns de Sencha Ext JS de la versión 4 a la 6 antes de la 6.6.0 es vulnerable a ataques de Cross-Site Scripting (XSS), incluso cuando se pasan datos escapados por HTML. • http://examples.sencha.com/extjs/6.6.0/release-notes.html http://seclists.org/fulldisclosure/2018/Jul/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •