35 matches found
EUVD-2024-47339
Malicious code in bioql PyPI...
EUVD-2024-47338
Malicious code in bioql PyPI...
EUVD-2024-47337
Malicious code in bioql PyPI...
EUVD-2024-47340
Malicious code in bioql PyPI...
CVE-2024-6201
HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 and patches starting from 2.143.61 fix the mentioned vulnerability...
CVE-2025-40846 HaloITSM open redirect via the returnUrl
Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites Open Redirect and inject JavaScript code to perform cross site scripting attack. The vulnerability affects Halo versions up to...
CVE-2025-40846 HaloITSM open redirect via the returnUrl
Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites Open Redirect and inject JavaScript code to perform cross site scripting attack. The vulnerability affects Halo versions up to...
CVE-2025-40846
CVE-2025-40846 describes improper input validation of the returnUrl parameter in Halo’s Account Security Settings, enabling Open Redirects and cross-site scripting. Affected: Halo versions up to 2.174.101 and 2.175.1–2.184.21. Impact per CVSS: high with network access, user interaction required. ...
CVE-2024-6203
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users given their email address is known. When these poisoned links get accessed e.g. manually by the victim or automatically by an email client...
CVE-2024-6202
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping XSW vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 and patches starting from...
CVE-2024-6200
HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting XSS vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 and patches starting from 2.143.61 fix the mentioned vulnerability...
CVE-2024-6201
HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 and patches starting from 2.143.61 fix the mentioned vulnerability...
CVE-2024-6203
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users given their email address is known. When these poisoned links get accessed e.g. manually by the victim or automatically by an email client...
CVE-2024-6200
HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting XSS vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 and patches starting from 2.143.61 fix the mentioned vulnerability...
CVE-2024-6202
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping XSW vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 and patches starting from...
CVE-2024-6202
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping XSW vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 and patches starting from...
CVE-2024-6203
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users given their email address is known. When these poisoned links get accessed e.g. manually by the victim or automatically by an email client...
CVE-2024-6200
HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting XSS vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 and patches starting from 2.143.61 fix the mentioned vulnerability...
CVE-2024-6201
HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 and patches starting from 2.143.61 fix the mentioned vulnerability...
CVE-2024-6203 HaloITSM - Password Reset Poisoning
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users given their email address is known. When these poisoned links get accessed e.g. manually by the victim or automatically by an email client...