4 matches found
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution Vulnerability
WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with...
CVE-2023-42222
creationtimestamp| type| source ---|---|--- 2023-09-28 07:49:39+00:00| seen| https://t.me/cibsecurity/71172...
CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
CVE-2023-42222
WebCatalog (desktop app) before version 49.0 is vulnerable to Incorrect Access Control due to Electron shell.openExternal being invoked without validating http/https URLs. The CVE-2023-42222 description and Red Hat/PRION entries confirm this issue affects WebCatalog pre-49.0 with potential for co...