DanielRuf

3 exploits Active since Apr 2019
CVE-2019-11358 NOMISEC MEDIUM WRITEUP
jQuery < 3.4.0 - Prototype Pollution via jQuery.extend
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
29 stars
CVSS 6.1
CVE-2020-1102 NOMISEC HIGH WRITEUP
Microsoft SharePoint Enterprise Server - Remote Code Execution via Unchecked Application Package Markup
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.
27 stars
CVSS 8.8
CVE-2019-11358 NOMISEC MEDIUM WRITEUP
jQuery < 3.4.0 - Prototype Pollution via jQuery.extend
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
27 stars
CVSS 6.1