github.com/mattermost/mattermost-server is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker is able to send AJAX requests on behalf of the victim through OAuth flow completion endpoints v ...
Continue Reading 27 March 2023
## Summary: Path traversal in OAuth `redirect_uri` which can lead to a user's authorization code being leaked to any malicious user. The following authorization code flow request is generated at both lo ...
Continue Reading 22 March 2023
Since the start of the Russo-Ukrainian conflict, Kaspersky researchers ...
Continue Reading 21 March 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading 20 March 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading 20 March 2023
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a m ...
Continue Reading 16 March 2023
next-auth is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the missing `state`, `nonce`, and `PKCE` checks for OAuth authentication, which allows an attacker to bypa ...
Continue Reading 15 March 2023
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.
Continue Reading 14 March 2023