Cross-Site Scripting (XSS)

github.com/mattermost/mattermost-server is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker is able to send AJAX requests on behalf of the victim through OAuth flow completion endpoints v ...

CVSS3 - MEDIUM

pixiv: Stealing Users' OAuth authorization code via redirect_uri

Summary: Path traversal in the OAuth `redirect_uri`, which can lead to a user's authorization code being leaked to a malicious user. The following authorization code flow request is generated at booth lo ...

Bad magic: new APT found in the area of Russo-Ukrainian conflict

Since the start of the Russo-Ukrainian conflict, Kaspersky researchers ...

CVE-2022-4148

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

CVE-2022-3894

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

CVE-2023-1421

A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a m ...

Cross-Site Request Forgery (CSRF)

next-auth is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the missing `state`, `nonce`, and `PKCE` checks for OAuth authentication, which allows an attacker to bypa ...
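The three checks named above (`state`, `nonce`, PKCE) are what tie an OAuth callback to the browser session that started the flow. The block below is an added example and not next-auth's code: it binds a fresh `state` and a PKCE `code_verifier` (RFC 7636, S256) to the session before the redirect, then at the callback rejects any `state` the session did not mint and redeems the code only with that session's verifier. The authorization server is an in-memory stub and the session is a plain dict, both constructed here; `login_csrf_attempt` plays out the attacker-supplied-code scenario the advisory describes.

```python
"""
OAuth state + PKCE binding (RFC 7636, S256) as an added example of the checks
the advisory says next-auth omitted. Not next-auth's code: the session is a
dict and the authorization server is an in-memory stub, both constructed here.
"""
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 uses for verifier/challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def begin_login(session: dict) -> dict:
    """Client side, before redirecting to the authorization endpoint: mint a
    fresh state and PKCE verifier and bind both to this browser session."""
    state = b64url(secrets.token_bytes(32))
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, within RFC 7636 bounds
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    session["oauth_state"] = state
    session["oauth_verifier"] = verifier
    return {"state": state, "code_challenge": challenge,
            "code_challenge_method": "S256"}


class AuthServer:
    """Constructed stub of the authorization and token endpoints."""

    def __init__(self):
        self._codes = {}  # issued code -> code_challenge it was issued against

    def authorize(self, code_challenge: str) -> str:
        code = b64url(secrets.token_bytes(16))
        self._codes[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        challenge = self._codes.pop(code, None)  # codes are single-use
        if challenge is None:
            return False
        expected = b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
        return hmac.compare_digest(expected, challenge)


def finish_login(session: dict, callback_params: dict, server: AuthServer) -> bool:
    """Client callback handler: reject a callback whose state is not the one
    stored in this session (the login-CSRF case), then redeem the code with the
    verifier only this session knows."""
    expected_state = session.pop("oauth_state", None)  # single-use
    verifier = session.pop("oauth_verifier", None)
    if expected_state is None or verifier is None:
        return False
    if not hmac.compare_digest(expected_state, callback_params.get("state", "")):
        return False
    return server.token(callback_params.get("code", ""), verifier)


def legitimate_flow() -> bool:
    """Same session starts and finishes the flow: accepted."""
    server, session = AuthServer(), {}
    params = begin_login(session)
    code = server.authorize(params["code_challenge"])
    return finish_login(session, {"code": code, "state": params["state"]}, server)


def login_csrf_attempt() -> bool:
    """Attacker starts a flow for their own account and sends the victim a
    callback URL carrying the attacker's code and state. Without a state check
    the victim's session would be logged into the attacker's account."""
    server, attacker_session, victim_session = AuthServer(), {}, {}
    attacker_params = begin_login(attacker_session)
    attacker_code = server.authorize(attacker_params["code_challenge"])
    begin_login(victim_session)  # victim has a pending flow with a different state
    return finish_login(victim_session,
                        {"code": attacker_code, "state": attacker_params["state"]},
                        server)


def stolen_code_attempt() -> bool:
    """Attacker obtains a victim's code but not the verifier: token endpoint refuses."""
    server, victim_session = AuthServer(), {}
    params = begin_login(victim_session)
    code = server.authorize(params["code_challenge"])
    return server.token(code, b64url(secrets.token_bytes(32)))


if __name__ == "__main__":
    print("legitimate:", legitimate_flow())
    print("login CSRF:", login_csrf_attempt())
    print("stolen code:", stolen_code_attempt())
```

Both values are popped from the session on first use, so a replayed callback also fails; the `nonce` the advisory mentions is the OpenID Connect analogue for the ID token (the client stores it alongside `state` and checks it against the `nonce` claim after the token exchange) and follows the same single-use, session-bound pattern.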

Insufficient Session Expiration in pretix

rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.

CVSS3 - HIGH
