Lucene search
K

35 matches found

OSV
OSV
added 2024/02/29 9:56 p.m.16 views

CVE-2024-27292 Docassemble unauthorized access through URL manipulation

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...

7.5CVSS8AI score0.69486EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2024/02/29 9:56 p.m.24 views

CVE-2024-27292 Docassemble unauthorized access through URL manipulation

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...

7.5CVSS6.7AI score0.69486EPSS
Exploits2References2
Cvelist
Cvelist
added 2024/02/29 9:56 p.m.36 views

CVE-2024-27292 Docassemble unauthorized access through URL manipulation

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...

7.5CVSS7.8AI score0.69486EPSS
Exploits2References2
CVE
CVE
added 2024/02/29 9:56 p.m.177 views

CVE-2024-27292

Docassemble (1.4.53–1.4.96) is affected by CVE-2024-27292: an unauthenticated information disclosure via URL manipulation in the interview endpoint. The issue enables reading arbitrary server information; patch is available in version 1.4.97 of the master branch. The vulnerability has CVSS 3.1 ba...

7.5CVSS7.5AI score0.69486EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2024/02/29 9:49 p.m.101 views

CVE-2024-27291

CVE-2024-27291 concerns Docassemble, an expert system for guided interviews and document assembly. The issue is an open redirect vulnerability: before version 1.4.97, a crafted URL can cause a user to be redirected to an arbitrary site due to improper URL handling. The open redirect is mitigated ...

6.1CVSS6.1AI score0.00411EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/29 9:49 p.m.13 views

CVE-2024-27291 Docassemble open redirect

Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch...

6.1CVSS6.1AI score0.00411EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/29 9:49 p.m.12 views

CVE-2024-27291 Docassemble open redirect

Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch...

6.1CVSS6.4AI score0.00411EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/29 9:49 p.m.14 views

CVE-2024-27291 Docassemble open redirect

Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch...

6.1CVSS6.7AI score0.00411EPSS
Exploits0References2
CVE
CVE
added 2024/02/29 9:44 p.m.111 views

CVE-2024-27290

Docassemble is affected by an HTML/JavaScript injection vulnerability in which an attacker could input HTML in a field (notably the user’s name) and have it rendered as HTML. This stems from improper handling of user-supplied HTML prior to version 1.4.97. The issue has been fixed in the master br...

6.1CVSS6.1AI score0.00434EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/29 9:44 p.m.23 views

CVE-2024-27290 Docassemble HTML and javascript injection

Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the mast...

6.1CVSS6.3AI score0.00434EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/29 9:44 p.m.15 views

CVE-2024-27290 Docassemble HTML and javascript injection

Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the mast...

6.1CVSS6.5AI score0.00434EPSS
Exploits0References2
OSV
OSV
added 2024/02/29 9:44 p.m.25 views

CVE-2024-27290 Docassemble HTML and javascript injection

Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the mast...

6.1CVSS6AI score0.00434EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.9 views

PT-2024-21798

Name of the Vulnerable Software and Affected Versions Docassemble versions prior to 1.4.97 Description The issue allows a user to type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The HTML can also contain tags, allowing...

6.1CVSS6.5AI score0.00434EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.7 views

PT-2024-21799

Name of the Vulnerable Software and Affected Versions Docassemble versions prior to 1.4.97 Description The issue allows an attacker to create a URL that acts as an open redirect. This can potentially be used to redirect users to malicious websites. Recommendations For versions prior to 1.4.97,...

6.1CVSS6.4AI score0.00411EPSS
Exploits0References12
Veracode
Veracode
added 2021/05/07 8:47 a.m.10 views

Information Disclosure

docassemble is vulnerable to information disclosure. An attacker is able to gain unauthorized access to information on the system through URL manipulation...

2.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder