pS3ud0RAnD0m

2 exploits Active since Apr 2022

CVE-2024-4367 NOMISEC HIGH WORKING POC

Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

1 stars

CVSS 8.8

View Code

CVE-2022-24785 NOMISEC HIGH WORKING POC

Moment.js 1.0.1-2.29.1 - Path Traversal via Locale Switching

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.

1 stars

CVSS 7.5

View Code