395 matches found
Fiber Security Breach
Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber versions prior to 2.52.1 that stems from allowing insecure configurations that could lead to unauthorized access to sensitive user data...
PT-2024-20765 · Fiber · Fiber
Name of the Vulnerable Software and Affected Versions: Fiber versions prior to 2.52.1 Description: The issue is related to the CORS middleware in Fiber, which allows for insecure configurations. Specifically, it permits setting the Access-Control-Allow-Origin header to a wildcard while also havin...
Cross site scripting
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
CVE-2024-22199 Django Template Engine Vulnerable to XSS
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
CVE-2024-22199
The CVE-2024-22199 entry concerns Cross-site Scripting (XSS) in the GoFiber Django template engine (github.com/gofiber/template/django/v3) used with Fiber. Root cause is improper handling of user-supplied data via the Views interface, enabling XSS unless autoescaping is enforced. A patch has been...
CVE-2024-22199 Django Template Engine Vulnerable to XSS
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
CVE-2024-22199 Django Template Engine Vulnerable to XSS
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
GHSA-4MQ2-GC4J-CMW6 Django Template Engine Vulnerable to XSS
Impact Vulnerability Type: Cross-Site Scripting XSS Affected Users: All users of the Django template engine for Fiber prior to the patch. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of...
Django Template Engine Vulnerable to XSS
Impact Vulnerability Type: Cross-Site Scripting XSS Affected Users: All users of the Django template engine for Fiber prior to the patch. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of...
Fiber Security Breach
Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber template versions prior to 3.1.9, which stems from the presence of a cross-site scripting XSS vulnerability. The vulnerability can be exploited by an attacker to execute malicious script in ...
PT-2024-19268 · Unknown · Django Template Engine
Name of the Vulnerable Software and Affected Versions: Django template engine for Fiber versions prior to the latest patched version Description: This issue specifically impacts web applications that render user-supplied data through the Django template engine, potentially leading to the executio...
GO-2023-2116 CSRF token validation vulnerability in github.com/gofiber/fiber/v2
A cross-site request forgery vulnerability can allow an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is...
GO-2023-2115 CSRF token reuse vulnerability in github.com/gofiber/fiber/v2
A cross-site request forgery vulnerability in this package can allow an attacker to inject arbitrary values and forge malicious requests on behalf of a user. The attacker may inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated use...
Cross-Site Request Forgery (CSRF)
github.com/gofiber/fiber is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. An attacker is able to trick a user into performing unauthorized actions on the application, such as changing their...
Cross-Site Request Forgery (CSRF)
github.com/gofiber/fiber is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation and enforcement of CSRF tokens within the application. An attacker is able to exploit this vulnerability by tricking a user into clicking on a malicious link or by sending a...
CVE-2023-45128
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...
CVE-2023-45141
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...
Cross site request forgery (csrf)
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...
CVE-2023-45141 CSRF Token Validation Vulnerability in fiber
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...
CVE-2023-45141
CVE-2023-45141 affects the Go framework fiber (Fiber). The CSRF token validation vulnerability arises from improper validation/enforcement of CSRF tokens, with tokens not tied to the original requester allowing token reuse and forged actions. Affected data paths include token handling in fiber/v2...