CVE-2022-39382

Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production buil ...

Continue Reading

CVSS3 - CRITICAL

CVE-2022-41876

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated ...

Continue Reading
GraphQL queries can expose password hashes

### Impact Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and edit ...

Continue Reading
GraphQL queries can expose password hashes

### Impact Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and edit ...

Continue Reading
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)

It is possible to inject JavaScript XSS in the content type entries "name" and "short name". To exploit this, one must already have permission to edit content types, which limits it in many cases to p ...

Continue Reading
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)

It is possible to inject JavaScript XSS in the content type entries "name" and "short name". To exploit this, one must already have permission to edit content types, which limits it in many cases to p ...

Continue Reading
ezplatform-graphql GraphQL queries can expose password hashes

### Impact Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and edit ...

Continue Reading
ezplatform-graphql GraphQL queries can expose password hashes

### Impact Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and edit ...

Continue Reading

Back to Main

Subscribe for the latest news:
Generated by Feedzy