Lucene search
+L

395 matches found

CNNVD
CNNVD
added 2024/02/21 12:0 a.m.6 views

Fiber Security Breach

Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber versions prior to 2.52.1 that stems from allowing insecure configurations that could lead to unauthorized access to sensitive user data...

9.8CVSS6.6AI score0.0066EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.5 views

PT-2024-20765 · Fiber · Fiber

Name of the Vulnerable Software and Affected Versions: Fiber versions prior to 2.52.1 Description: The issue is related to the CORS middleware in Fiber, which allows for insecure configurations. Specifically, it permits setting the Access-Control-Allow-Origin header to a wildcard while also havin...

9.8CVSS7.2AI score0.0066EPSS
Exploits1References22
Prion
Prion
added 2024/01/11 6:15 p.m.22 views

Cross site scripting

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...

5.8CVSS6.3AI score0.00484EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 5:39 p.m.14 views

CVE-2024-22199 Django Template Engine Vulnerable to XSS

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...

9.3CVSS6.1AI score0.00484EPSS
Exploits0References2
CVE
CVE
added 2024/01/11 5:39 p.m.52 views

CVE-2024-22199

The CVE-2024-22199 entry concerns Cross-site Scripting (XSS) in the GoFiber Django template engine (github.com/gofiber/template/django/v3) used with Fiber. Root cause is improper handling of user-supplied data via the Views interface, enabling XSS unless autoescaping is enforced. A patch has been...

9.3CVSS6AI score0.00484EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/11 5:39 p.m.29 views

CVE-2024-22199 Django Template Engine Vulnerable to XSS

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...

9.3CVSS9.2AI score0.00484EPSS
Exploits0References2
OSV
OSV
added 2024/01/11 5:39 p.m.225 views

CVE-2024-22199 Django Template Engine Vulnerable to XSS

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...

9.3CVSS6.7AI score0.00484EPSS
Exploits0References4
OSV
OSV
added 2024/01/11 4:41 p.m.66 views

GHSA-4MQ2-GC4J-CMW6 Django Template Engine Vulnerable to XSS

Impact Vulnerability Type: Cross-Site Scripting XSS Affected Users: All users of the Django template engine for Fiber prior to the patch. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of...

9.3CVSS7.1AI score0.00484EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/01/11 4:41 p.m.25 views

Django Template Engine Vulnerable to XSS

Impact Vulnerability Type: Cross-Site Scripting XSS Affected Users: All users of the Django template engine for Fiber prior to the patch. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of...

9.3CVSS5.7AI score0.00484EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.8 views

Fiber Security Breach

Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber template versions prior to 3.1.9, which stems from the presence of a cross-site scripting XSS vulnerability. The vulnerability can be exploited by an attacker to execute malicious script in ...

9.3CVSS6AI score0.00484EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.7 views

PT-2024-19268 · Unknown · Django Template Engine

Name of the Vulnerable Software and Affected Versions: Django template engine for Fiber versions prior to the latest patched version Description: This issue specifically impacts web applications that render user-supplied data through the Django template engine, potentially leading to the executio...

9.3CVSS6.3AI score0.00484EPSS
Exploits0References9
OSV
OSV
added 2023/10/24 4:57 p.m.27 views

GO-2023-2116 CSRF token validation vulnerability in github.com/gofiber/fiber/v2

A cross-site request forgery vulnerability can allow an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is...

8.8CVSS8.5AI score0.00265EPSS
Exploits0References3
OSV
OSV
added 2023/10/24 4:57 p.m.47 views

GO-2023-2115 CSRF token reuse vulnerability in github.com/gofiber/fiber/v2

A cross-site request forgery vulnerability in this package can allow an attacker to inject arbitrary values and forge malicious requests on behalf of a user. The attacker may inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated use...

10CVSS9.2AI score0.00313EPSS
Exploits0References3
Veracode
Veracode
added 2023/10/18 6:45 a.m.22 views

Cross-Site Request Forgery (CSRF)

github.com/gofiber/fiber is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. An attacker is able to trick a user into performing unauthorized actions on the application, such as changing their...

8.8CVSS6.9AI score0.00265EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2023/10/18 6:27 a.m.18 views

Cross-Site Request Forgery (CSRF)

github.com/gofiber/fiber is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation and enforcement of CSRF tokens within the application. An attacker is able to exploit this vulnerability by tricking a user into clicking on a malicious link or by sending a...

10CVSS6.9AI score0.00313EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/10/16 9:15 p.m.50 views

CVE-2023-45128

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...

10CVSS9.6AI score0.00313EPSS
Exploits0References2
NVD
NVD
added 2023/10/16 9:15 p.m.20 views

CVE-2023-45141

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...

8.8CVSS8.7AI score0.00265EPSS
Exploits0References1
Prion
Prion
added 2023/10/16 9:15 p.m.22 views

Cross site request forgery (csrf)

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...

6.8CVSS8.8AI score0.00265EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/16 8:48 p.m.14 views

CVE-2023-45141 CSRF Token Validation Vulnerability in fiber

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...

8.6CVSS8.3AI score0.00265EPSS
Exploits0References3
CVE
CVE
added 2023/10/16 8:48 p.m.77 views

CVE-2023-45141

CVE-2023-45141 affects the Go framework fiber (Fiber). The CSRF token validation vulnerability arises from improper validation/enforcement of CSRF tokens, with tokens not tied to the original requester allowing token reuse and forged actions. Affected data paths include token handling in fiber/v2...

8.8CVSS8.8AI score0.00265EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder