300 matches found
PT-2026-46076
A vulnerability in the Blitz Identity Provider software is caused by a failure to preserve web page structure. Exploitation of the vulnerability may allow a remote attacker to conduct cross-site scripting (XSS) attacks...
PT-2026-46077
A vulnerability in the Blitz Identity Provider software is related to cross-site request forgery. Exploitation of the vulnerability may allow a remote attacker to carry out a CSRF attack...
CVE-2026-9520
A flaw was found in blitz-js blitz. A remote attacker can exploit this vulnerability by manipulating the 'Next' argument within the 'LoginForm.tsx' component. This manipulation leads to cross-site scripting (XSS), which allows the attacker to inject malicious scripts into web pages viewed by other...
CVE-2026-9520
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...
CVE-2026-9520 blitz-js blitz Sign-in LoginForm.tsx cross site scripting
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...
EUVD-2026-31781
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...
CVE-2026-9520
Product/affected software: blitz-js blitz (up to 3.0.2). Vulnerable component/file: packages/generator/templates/app/src/app/auth/components/LoginForm.tsx in the Sign-in module. Root cause: argument manipulation in Next leads to cross-site scripting. Impact: cross-site scripting vulnerability...
Blitz code injection vulnerability
Blitz is an open-source full-stack Next.js development toolkit developed by Blitz. Versions of Blitz 3.0.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from an unknown function in the packages/generator/templates/app/src/app/auth/components/LoginForm.tsx file,...
PT-2026-43177
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...
PT-2026-44125
A vulnerability in the Blitz Identity Provider software is caused by a failure to preserve web page structure. Exploitation of the vulnerability may allow a remote attacker to conduct cross-site scripting (XSS) attacks...
CVE-2025-60935
An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the nexturl parameter in the login endpoint and could lead to phishing or token theft after successful authentication...
CVE-2025-60935
CVE-2025-60935 describes an open redirect in Blitz Panel v1.17.0 at the login endpoint, affecting the next_url parameter. The vulnerability can enable a user to be redirected to a malicious domain after login, with potential phishing or token theft after authentication. Multiple connected sources...
PT-2025-53299
Name of the Vulnerable Software and Affected Versions: Blitz Panel version 1.17.0. Description: An open redirect issue exists in the login functionality of Blitz Panel. The issue is located in the /login endpoint and involves the next url parameter. Successful exploitation could allow an attacker to...
Blitz Panel security vulnerability
Blitz Panel is a comprehensive administration panel for proxy servers by Whispering Wind Personal Developers. A security vulnerability exists in Blitz Panel version 1.17.0, which stems from an open redirection in the nexturl parameter in the login endpoint that could lead to phishing attacks or...