
139 matches found

NVD
added 2025/08/10 5:15 a.m. · 5 views

CVE-2025-8794

A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to authorization bypass. Local access is required t...

CVSS 7.8 · EPSS 0.00218
Exploits: 1 · References: 4
Vulnrichment
added 2025/08/10 4:32 a.m. · 5 views

CVE-2025-8794 LitmusChaos Litmus LocalStorage authorization

A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to authorization bypass. Local access is required t...

CVSS 5.3 · AI score 6.9 · EPSS 0.00218
Exploits: 1 · References: 4
CNNVD
added 2025/08/10 12:0 a.m. · 3 views

LitmusChaos Security Vulnerability

LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. A security vulnerability exists in LitmusChaos 3.19.0 and earlier versions, which stems from improper handling of the parameter projectID in the component LocalStorage Handler, which...

CVSS 7.8 · AI score 5.4 · EPSS 0.00218
Exploits: 1 · References: 6
Positive Technologies
added 2025/08/10 12:0 a.m. · 5 views

PT-2025-32468 · Unknown · Litmuschaos Litmus

Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions prior to 3.19.1 Description: A problematic issue exists in the LocalStorage Handler component of LitmusChaos Litmus. Manipulation of the projectID argument can lead to authorization bypass. Local access is required...

CVSS 5.3 · AI score 7.2 · EPSS 0.00218
Exploits: 1 · References: 10
CNNVD
added 2025/08/10 12:0 a.m. · 3 views

LitmusChaos Security Vulnerability

LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. A security vulnerability exists in LitmusChaos 3.19.0 and earlier versions, which stems from a permissions issue in the component LocalStorage Handler that could lead to a remote attac...

CVSS 8.8 · AI score 6.5 · EPSS 0.00465
Exploits: 1 · References: 6
OSSF Malicious Packages
added 2025/07/08 4:39 a.m. · 3 views

Malicious code in fe-lib-localstorage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2248551164f3d70ada0fcc43237796170d7613eb7bce9bcbd718d78b64262f9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1
OSV
added 2025/07/08 4:39 a.m. · 2 views

MAL-2025-5689 Malicious code in fe-lib-localstorage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2248551164f3d70ada0fcc43237796170d7613eb7bce9bcbd718d78b64262f9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2025/06/23 2:56 p.m. · 2 views

Malicious code in localstorage-retry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2eccc1f61f6a4e5f1c34925b0fe72e4660688f0f1fd594933cc71c605b3ceaa2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 10:29 a.m. · 7 views

CVE-2024-43801

Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious SVG file. When viewed by an admin outside of the Jellyfin Web UI e.g. via "view image" in a...

CVSS 5.4 · AI score 5.2 · EPSS 0.00346
Exploits: 0
RedhatCVE
added 2025/05/23 2:12 a.m. · 5 views

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 6.5 · AI score 6 · EPSS 0.0048
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 2:48 a.m. · 4 views

CVE-2013-5130

WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files...

CVSS 5 · AI score 5.9 · EPSS 0.00925
Exploits: 0 · References: 1
Snyk
added 2025/02/01 6:36 a.m. · 1 view

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the LocalStorage component where specially crafted Content-Disposition headers containing .. in the filename could be used to access files outside the intended storage directories. Details A Directory Traversal...

CVSS 8.7 · AI score 7.6
Exploits: 0 · References: 3
NVD
added 2024/10/02 8:15 p.m. · 28 views

CVE-2024-47529

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

CVSS 6.5 · EPSS 0.00344
Exploits: 1 · References: 3
OSV
added 2024/10/02 8:15 p.m. · 29 views

PYSEC-2024-121

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

CVSS 6.5 · AI score 6.4 · EPSS 0.00344
Exploits: 1 · References: 3
Github Security Blog
added 2024/10/02 7:29 p.m. · 12 views

OpenC3 stores passwords in clear text (`GHSL-2024-129`)

Summary OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting see GHSL-2024-128. Note: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition Impa...

CVSS 6.5 · AI score 6.2 · EPSS 0.00344
Exploits: 1 · References: 6 · Affected Software: 2
CVE
added 2024/10/02 7:17 p.m. · 44 views

CVE-2024-47529

Summary: OpenC3 COSMOS stores a user password in unencrypted form in the browser’s LocalStorage, creating a risk of password exfiltration via cross-site scripting (XSS). The issue is documented as affecting the Open Source edition and is fixed in version 5.19.0 (Open Source edition). What’s affec...

CVSS 6.5 · AI score 6.4 · EPSS 0.00344
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2024/10/02 7:17 p.m. · 36 views

CVE-2024-47529 OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

CVSS 4.8 · EPSS 0.00344
Exploits: 1 · References: 3
Vulnrichment
added 2024/10/02 7:17 p.m. · 17 views

CVE-2024-47529 OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

CVSS 4.8 · AI score 6.8 · EPSS 0.00344
Exploits: 1 · References: 3
OSV
added 2024/10/02 7:17 p.m. · 15 views

CVE-2024-47529 OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

CVSS 4.8 · AI score 6.5 · EPSS 0.00344
Exploits: 1 · References: 5
Positive Technologies
added 2024/10/02 12:0 a.m. · 3 views

PT-2024-32642 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS versions prior to 5.19.0 Description: OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting. The issue may...

CVSS 6.5 · AI score 7 · EPSS 0.00344
Exploits: 1 · References: 14