Sql injection

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...

CVE-2023-33178 Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...

Design/Logic Flaw

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

CVE-2022-31093

NextAuth.js (for Next.js) contains a vulnerability where an invalid callbackUrl query parameter can be passed, causing the URL constructor to throw an unhandled error and leading to API route timeouts and login failures. This issue has concrete fixes: upgrading to versions 3.29.5 or 4.5.0 resolve...

CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

GHSA-G5FM-JP9V-2432 Improper Handling of `callbackUrl` parameter in next-auth

Impact An attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally we convert to a URL object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led t...

Improper Handling of `callbackUrl` parameter in next-auth

Impact An attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally we convert to a URL object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led t...

CVE-2022-1186

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5...

Design/Logic Flaw

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5...

PT-2022-13700

Name of the Vulnerable Software and Affected Versions Be POPIA Compliant versions up to and including 1.1.5 Description The issue exposes sensitive information, including site visitors' emails and usernames, to unauthenticated users through an API route. Recommendations For versions up to and...

Be POPIA Compliant < 1.1.6 - Unauthenticated Sensitive Information Exposure

The plugin exposes sensitive information to unauthenticated users such as site visitors emails and usernames via an API route...

Design/Logic Flaw

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgra...

Rocket.Chat: API route chat.getThreadsList leaks private message content

Summary The /api/v1/chat.getThreadsList does not sanitize user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection. Description The chat.getThreadsList API route is defined in app/api/server/v1/chat.jsL522-L572: javascript const rid, type, text =...