19 matches found
CVE-2023-31136
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...
CVE-2025-31136
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
CVE-2025-31136 FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
CVE-2025-31136 FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
CVE-2025-31136 FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
CVE-2022-31136
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize HTML being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as...
CVE-2024-31136
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter...
CVE-2024-31136
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter...
CVE-2024-31136
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter...
CVE-2024-31136
CVE-2024-31136 affects JetBrains TeamCity prior to 2024.03. The issue allows bypassing two-factor authentication by supplying a special URL parameter, due to improper input validation on the authentication flow. The estimated impact under CVSS shows high confidentiality and integrity impact with ...
CVE-2023-31136
creationtimestamp | type | source
---|---|---
2023-05-09 18:43:42+00:00 | seen | https://t.me/cibsecurity/63623...
CVE-2023-31136 PostgresNIO processes unencrypted bytes from man-in-the-middle
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...
CVE-2023-31136
The CVE-2023-31136 entry concerns PostgresNIO prior to 1.14.2, where a MITM attacker could inject false responses to initial queries over TLS. The connected documents reinforce that the core issue is a MITM-like behavior when establishing a TLS-enabled PostgreSQL connection; PostgresNIO fixes beg...
CVE-2022-31136
creationtimestamp | type | source
---|---|---
2022-07-07 22:15:31+00:00 | seen | https://t.me/cibsecurity/45763...
CVE-2022-31136 Cross-site Scripting in BookWyrm
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize HTML being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as...
CVE-2022-31136 Cross-site Scripting in BookWyrm
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize HTML being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as...
CVE-2022-31136
Bookwyrm (an open source social reading app) is affected by CVE-2022-31136 due to improper sanitization of HTML rendered to users in profiles, book descriptions, and statuses before version 0.4.1. The root cause is inadequate HTML sanitization which enables cross-site scripting (XSS) by unprivile...
CVE-2021-31136
CVE-2021-31136 is rejected/not used and does not represent an active vulnerability entry.
CVE-2021-31136
...