npm package
rambox
pkg:npm/rambox
Malware
2 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- GHSA-vm5j-gf9q-4qm9Malware in ramboxSep 20, 2023
- MAL-2023-8161Malicious code in rambox (npm)Sep 19, 2023
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-17625 | — | <= 0.6.9 | — | Oct 16, 2019 | There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.j |
- CVE-2019-17625Oct 16, 2019affected <= 0.6.9
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.j