CVE-2024-36370

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was...

CVE-2024-4540 Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization ...

CVE-2024-36217 AMS XSS – /libs/granite/oauth/clientlibs/oauth/js/oauth.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable f ...

CVE-2024-36236 DOM XSS in `libs/granite/oauth/clientlibs/clientlist/js/clientlist.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaS ...

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary: By combining two vulnerabilities (an Open Redirect and a session token sent as a URL query parameter) in the Strapi framework, it is possible for an unauthenticated attacker to bypass authentication me ...

CVE-2024-5891

A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the ...
