Lucene search
+L

58 matches found

Github Security Blog
Github Security Blog
added 2022/01/28 12:3 a.m.31 views

Cross-site Scripting in Crater Invoice

Crater invoice prior to version 6.0.0 has a cross-site scripting vulnerability...

7.6CVSS2.9AI score0.00613EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/01/28 12:3 a.m.22 views

GHSA-6VFW-74WR-3CHH Cross-site Scripting in Crater Invoice

Crater invoice prior to version 6.0.0 has a cross-site scripting vulnerability...

5.4CVSS5.1AI score0.00613EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/01/27 7:35 a.m.46 views

CVE-2022-0372 Cross-site Scripting (XSS) - Stored in crater-invoice/crater

Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...

7.6CVSS5.4AI score0.00613EPSS
Exploits1References2
Huntr
Huntr
added 2022/01/27 4:7 a.m.45 views

Cross-Site Request Forgery (CSRF) in crater-invoice/crater

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

4.3CVSS4.3AI score0.00422EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/01/27 12:1 a.m.29 views

Missing Authorization in Crater Invoice

Crater Invoice prior to version 6.0.2 has a missing authorization vulnerability...

7.5CVSS4.4AI score0.01213EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/01/27 12:1 a.m.18 views

GHSA-XH9G-CP3V-P8Q4 Missing Authorization in Crater Invoice

Crater Invoice prior to version 6.0.2 has a missing authorization vulnerability...

5.3CVSS5.1AI score0.01213EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/01/26 1:15 p.m.4 views

CVE-2022-0203

Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2...

7.5CVSS6.6AI score0.01213EPSS
Exploits1References3
Prion
Prion
added 2022/01/26 1:15 p.m.11 views

Improper access control

Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2...

5CVSS5.3AI score0.01213EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/01/26 12:20 p.m.28 views

CVE-2022-0203 Improper Access Control in crater-invoice/crater

Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2...

7.5CVSS6.5AI score0.01213EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/01/26 12:0 a.m.6 views

Crater Invoice crater 安全漏洞

Crater Invoice Crater is an open source web and mobile application from Crater Invoice, Inc. for tracking expenses, payments and creating professional invoices and estimates. Crater Invoice crater has a security vulnerability that stems from improper access control in the GitHub repository prior ...

7.5CVSS6.6AI score0.01213EPSS
Exploits1References3
NVD
NVD
added 2022/01/17 7:15 p.m.36 views

CVE-2022-0242

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0...

7.2CVSS0.01413EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/17 7:15 p.m.19 views

CVE-2022-0242

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0...

7.2CVSS7.1AI score0.01413EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/01/17 6:15 p.m.42 views

CVE-2022-0242 Unrestricted Upload of File with Dangerous Type in crater-invoice/crater

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0...

7.2CVSS7.2AI score0.01413EPSS
Exploits1References2
Huntr
Huntr
added 2022/01/16 11:58 p.m.20 views

Cross-site Scripting (XSS) - Stored in crater-invoice/crater

Description There is a vulnerability in the upload avatar functionality of crater invoice which would allow an attacker to upload malicious .SVG files in order to execute Javascript. All that is required is that the victim browse to the link location of the .SVG file Proof of Concept xss.svg:...

3.5CVSS0.00613EPSS
Exploits1
Cvelist
Cvelist
added 2022/01/12 2:5 p.m.30 views

CVE-2021-4080 Unrestricted Upload of File with Dangerous Type in crater-invoice/crater

crater is vulnerable to Unrestricted Upload of File with Dangerous Type...

8.8CVSS8.9AI score0.01474EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.9 views

Crater Invoice Crater 代码问题漏洞

Crater Invoice Crater is an open source web and mobile application from Crater Invoice, Inc. for tracking expenses, payments and creating professional invoices and estimates. Crater Invoice crater suffers from a code issue vulnerability that stems from the unrestricted upload of dangerous types o...

8.8CVSS8AI score0.01474EPSS
Exploits1References2
Huntr
Huntr
added 2021/12/29 7:43 p.m.15 views

Improper Access Control in crater-invoice/crater

Description In recent Crater version faf1ef09 tag: 5.0.6 I discovered, that not authenticated user can download all expense receipts uploaded to any company. Proof of Concept Python import requests for i in range1, 100: r = requests.getf'http://172.17.0.1:8080/expenses/i/download-receipt' if...

5CVSS5.5AI score0.01213EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/03 10:57 p.m.13 views

PHP Remote File Inclusion in crater-invoice/crater

Description No mime type restriction on file uploads, allowing an attacker to upload and execute arbitrary PHP code. Proof of Concept Login to the dashboard, preferably using your own localhost install. Go to "Expenses", "Settings Account" or "Settings Company". Upload any PHP file you want. Impa...

4.1AI score
Exploits0References1
Rows per page
Query Builder