35 matches found
CVE-2024-27292 Docassemble unauthorized access through URL manipulation
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...
CVE-2024-27292 Docassemble unauthorized access through URL manipulation
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...
CVE-2024-27292 Docassemble unauthorized access through URL manipulation
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...
CVE-2024-27292
Docassemble (1.4.53–1.4.96) is affected by CVE-2024-27292: an unauthenticated information disclosure via URL manipulation in the interview endpoint. The issue enables reading arbitrary server information; patch is available in version 1.4.97 of the master branch. The vulnerability has CVSS 3.1 ba...
CVE-2024-27291
CVE-2024-27291 concerns Docassemble, an expert system for guided interviews and document assembly. The issue is an open redirect vulnerability: before version 1.4.97, a crafted URL can cause a user to be redirected to an arbitrary site due to improper URL handling. The open redirect is mitigated ...
CVE-2024-27291 Docassemble open redirect
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch...
CVE-2024-27291 Docassemble open redirect
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch...
CVE-2024-27291 Docassemble open redirect
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch...
CVE-2024-27290
Docassemble is affected by an HTML/JavaScript injection vulnerability in which an attacker could input HTML in a field (notably the user’s name) and have it rendered as HTML. This stems from improper handling of user-supplied HTML prior to version 1.4.97. The issue has been fixed in the master br...
CVE-2024-27290 Docassemble HTML and javascript injection
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the mast...
CVE-2024-27290 Docassemble HTML and javascript injection
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the mast...
CVE-2024-27290 Docassemble HTML and javascript injection
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the mast...
PT-2024-21798
Name of the Vulnerable Software and Affected Versions Docassemble versions prior to 1.4.97 Description The issue allows a user to type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The HTML can also contain tags, allowing...
PT-2024-21799
Name of the Vulnerable Software and Affected Versions Docassemble versions prior to 1.4.97 Description The issue allows an attacker to create a URL that acts as an open redirect. This can potentially be used to redirect users to malicious websites. Recommendations For versions prior to 1.4.97,...
Information Disclosure
docassemble is vulnerable to information disclosure. An attacker is able to gain unauthorized access to information on the system through URL manipulation...