A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle(), parse(), resolve(), dereference()...Read ...
Continue Reading
May 21, 2024
Passbolt sends e-mail to users to warn them about different type of events such as the creation, modification or deletion of a password. Those e-mails may contain user-specified input, such as a passw ...
Continue Reading
May 20, 2024
Passbolt sends e-mail to users to warn them about different type of events such as the creation, modification or deletion of a password. Those e-mails may contain user-specified input, such as a passw ...
Continue Reading
May 20, 2024
Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properl ...
Continue Reading
May 20, 2024
Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properl ...
Continue Reading
May 20, 2024
Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or ve ...
Continue Reading
May 20, 2024
Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or ve ...
Continue Reading
May 20, 2024
Description An administrator can craft a user with a malicious first name and last name, using a payload such as <svg onload="confirm(document.domain)">'); ?&g ...
Continue Reading
May 20, 2024
Back to Main
