Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.
Recommendation
Update to …
[ircdkit] ircdkit vulnerable to Denial of Service due to unhandled connection end event
Versions of ircdkit 1.0.3 and prior are vulnerable to a remote denial of service.
Recommendation
Upgrade to version 1.0.4.
References
https://github.com/Twipped/ircdkit/issues/1
https://github.com/Twipped/ircdkit/commit/f0cc6dc913ec17b499fa33a676bb72c…
[mysql] mysql Node.JS Module Vulnerable to Remote Memory Exposure
Versions of mysql before 2.14.0 are vulnerable to remote memory exposure.
Affected versions of the mysql package allocate and send uninitialized memory over the network when a number is provided as a password.
Only mysql running on Node.js versions belo…
[selenium-binaries] selenium-binaries downloads resources over HTTP
Versions of selenium-binaries prior to 0.15.0 insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable …
[metascraper] metascraper before v5.2.0 vulnerable to stored cross-site scripting
Versions of metascraper prior to 5.2.0 are vulnerable to stored cross-site scripting (XSS).
Recommendation
Upgrade to version 5.2.0 or later.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-3773
https://hackerone.com/reports/309367
https://www.np…