Lucene search
K

29 matches found

Cvelist
Cvelist
added 2023/07/18 4:59 p.m.34 views

CVE-2023-37259 Cross site scripting in Export Chat feature

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...

6.1CVSS6AI score0.00448EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/09/02 4:52 p.m.82 views

Default CORS config allows any origin with credentials

Impact Origin reflection attack The default CORS configuration is vulnerable to an origin reflection attack. Take the following http4s app app, using the default CORS config, running at https://vulnerable.example.com: scala val routes: HttpRoutesF = HttpRoutes.of case req if req.pathInfo ===...

9.1CVSS8.4AI score0.00594EPSS
Exploits0References4Affected Software6
OSV
OSV
added 2021/09/02 4:52 p.m.6 views

GHSA-52CF-226F-RHR6 Default CORS config allows any origin with credentials

Impact Origin reflection attack The default CORS configuration is vulnerable to an origin reflection attack. Take the following http4s app app, using the default CORS config, running at https://vulnerable.example.com: scala val routes: HttpRoutesF = HttpRoutes.of case req if req.pathInfo ===...

9.1CVSS7.1AI score0.00594EPSS
Exploits0References4
OSV
OSV
added 2021/09/01 8:15 p.m.18 views

CVE-2021-39185

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...

9.1CVSS9.2AI score
Exploits0References2
NVD
NVD
added 2021/09/01 8:15 p.m.45 views

CVE-2021-39185

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...

9.1CVSS0.00594EPSS
Exploits0References2
Prion
Prion
added 2021/09/01 8:15 p.m.18 views

Design/Logic Flaw

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...

6.4CVSS9.1AI score0.00594EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/09/01 7:25 p.m.60 views

CVE-2021-39185

Http4s is affected by a vulnerability in the default CORS configuration that enables origin reflection and a Null Origin Attack for versions 0.21.26 and prior, 0.22.0–0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24. The issue stems from the default CORS settings allowing credentialed acces...

9.1CVSS9.2AI score0.00594EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/03/09 4:29 a.m.22 views

CVE-2019-9580

In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS...

6.1CVSS6.2AI score0.0299EPSS
Exploits0References3
myhack58
myhack58
added 2016/12/17 12:0 a.m.103 views

Facebook chat history stealing vulnerability, the impact of the billion Messenger users-vulnerability warning-the black bar safety net

In this article, we describe in detail A in Facebook on find Server security vulnerabilities, this vulnerability might affect millions of CORScross-origin resource sharingin the Origin header to allow“NULL”value of the site, the vulnerability will threat the privacy of the user, the malicious...

6.8AI score
Exploits0
Rows per page
Query Builder