Lucene search
K

137 matches found

NVD
NVD
added 2026/04/29 9:16 a.m.8 views

CVE-2025-10503

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

6.1CVSS0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 8:8 a.m.7 views

EUVD-2025-209586

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

6.1CVSS5.3AI score0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 8:8 a.m.6 views

CVE-2025-10503

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

6.1CVSS5.3AI score0.00173EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/29 8:8 a.m.15 views

CVE-2025-10503

WSO2 Identity Server: CVE-2025-10503 is a reflected cross-site scripting flaw in the authentication endpoint caused by insufficient output encoding for user-supplied input. This allows injection of malicious JavaScript payloads that can redirect users, alter the UI, or retrieve information from t...

6.1CVSS5.4AI score0.00173EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/29 8:8 a.m.31 views

CVE-2025-10503 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

6.1CVSS0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.12 views

WSO2 Identity Server 跨站脚本漏洞

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has a cross-site scripting vulnerability. This vulnerability arises from the fact that the authentication endpoint accepts user input without enforcing the expected verification...

6.1CVSS5.6AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/04/27 3:8 p.m.25 views

CVE-2026-41462

ProjeQtor is affected by an unauthenticated SQL injection in the login functionality for versions 7.0–12.4.3, where the login input is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL via the username field at the authentication e...

9.8CVSS6.1AI score0.00558EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/04/27 3:8 p.m.5 views

CVE-2026-41462 ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS6AI score0.00558EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 3:8 p.m.5 views

CVE-2026-41462

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS6.1AI score0.00558EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2026/04/24 6:49 p.m.29 views

CVE-2026-41418 4ga Boards: User Enumeration via Timing Side-Channel in Authentication Endpoint

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 3:31 p.m.6 views

EUVD-2026-22875

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...

6.8CVSS5.8AI score0.00129EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/17 3:31 p.m.8 views

Mattermost doesn't validate CSRF tokens on an authentication endpoint

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...

8.1CVSS5.2AI score0.00129EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/17 3:31 p.m.3 views

GHSA-M7CF-4GH2-V4QG Mattermost doesn't validate CSRF tokens on an authentication endpoint

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...

6.8CVSS5.8AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/16 12:31 p.m.5 views

EUVD-2024-55545

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an...

6.1CVSS5.8AI score0.0024EPSS
Exploits0References2
NVD
NVD
added 2026/04/16 10:16 a.m.10 views

CVE-2025-6024

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

6.1CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/04/16 10:16 a.m.11 views

CVE-2024-10242

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an...

6.1CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 9:48 a.m.9 views

CVE-2025-6024

CVE-2025-6024 affects multiple WSO2 products, where the authentication endpoint fails to encode user-supplied input before rendering, enabling a Cross-Site Scripting (XSS) vector in the authentication flow. The vulnerability arises from improper input encoding at the end-user page, allowing an at...

6.1CVSS5.7AI score0.0023EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 9:48 a.m.3 views

CVE-2025-6024 Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

6.1CVSS5.7AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 9:48 a.m.7 views

CVE-2025-6024

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

6.1CVSS5.7AI score0.0023EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/04/16 9:48 a.m.35 views

CVE-2025-6024 Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

6.1CVSS0.0023EPSS
Exploits0References1
Rows per page
Query Builder