Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Startsharp Security Vulnerabilities

cve
cve

CVE-2023-31285

An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator...

6.1CVSS

6AI Score

0.001EPSS

2023-04-27 03:15 AM
24
cve
cve

CVE-2023-31286

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not...

5.3CVSS

5.5AI Score

0.001EPSS

2023-04-27 03:15 AM
22
cve
cve

CVE-2023-31287

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the...

7.8CVSS

7.4AI Score

0.0004EPSS

2023-04-27 03:15 AM
22