78 matches found
Appwrite Vulnerable to Cross-site Scripting
Appwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names...
CVE-2022-2925
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1...
CVE-2022-2925
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1...
CVE-2022-2925
CVE-2022-2925 relates to Appwrite: stored XSS vulnerability in the Appwrite server prior to 1.0.0-RC1. Affected components include usernames, function names, storage bucket names, and database collection names. Root cause described in public advisories as improper input handling leading to stored...
CVE-2022-2925 Cross-site Scripting (XSS) - Stored in appwrite/appwrite
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1...
PT-2022-19497 · Appwrite · Appwrite
Name of the Vulnerable Software and Affected Versions: appwrite versions prior to 1.0.0-RC1. Description: The issue is related to stored Cross-site Scripting (XSS) in the appwrite repository. This type of attack occurs when an application stores user input data without proper validation, allowing an...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1...
Appwrite Cross-Site Scripting Vulnerability
Appwrite is an open source end-to-end backend server, packaged as a set of Docker microservices for web, mobile, native or backend applications. A cross-site scripting vulnerability exists in versions prior to Appwrite 1.0.0-RC1. No information about this vulnerability is...
Prototype Pollution in litespeed.js and appwrite/server-ce
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
GHSA-V9P9-535W-4285 Prototype Pollution in litespeed.js and appwrite/server-ce
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
CVE-2021-23682
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
Code injection
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
CVE-2021-23682 Prototype Pollution
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
CVE-2021-23682
Prototype pollution vulnerability in litespeed.js (
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
Prototype Pollution
Overview appwrite/server-ce is an End to end backend server for frontend and mobile apps. Affected versions of this package are vulnerable to Prototype Pollution. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leadi...
Server-Side Request Forgery (SSRF) in appwrite/appwrite
Description An authenticated SSRF vulnerability exists in appwrite's webhooks / tasks feature. The gopher:// protocol can be used to cause code execution on the Redis server that comes along with appwrite. The attacker must know the IP address of the redis-server which can be done by creating...