23 matches found
CVE-2025-63785
A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
CVE-2025-63783
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
EUVD-2025-38272
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
EUVD-2025-38263
A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...
CVE-2025-63785
A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
CVE-2025-63785
A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...
CVE-2025-63783
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
CVE-2025-63783
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
CVE-2025-63783
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
CVE-2025-63785
A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...
CVE-2025-63783
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
Onlook 安全漏洞
Onlook is a source code visual editing tool from the Onlook open source. A security vulnerability exists in Onlook version 0.2.32, which stems from a text editor feature that does not properly clean up user input and could lead to a cross-site scripting attack...
Onlook 安全漏洞
Onlook is a source code visual editing tool from the Onlook open source. A security vulnerability exists in Onlook version 0.2.32 that stems from not properly validating the X-Forwarded-Host header value, which could result in a redirect to an arbitrary external website...
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
Onlook 安全漏洞
Onlook is a source code visual editing tool from the Onlook open source. A security vulnerability exists in Onlook version 0.2.32, which stems from the API not validating the ownership or membership of the current authenticated user for the requested item ID, potentially resulting in compromised...
PT-2025-45471
Name of the Vulnerable Software and Affected Versions Onlook versions 0.2.32 Description A DOM-based Cross-Site Scripting XSS issue exists in the text editor feature. The problem arises because user-supplied input is not properly sanitized before being injected into the DOM via innerHTML when...
PT-2025-45466
Name of the Vulnerable Software and Affected Versions Onlook web application version 0.2.32 Description A Broken Object Level Authorization BOLA issue exists in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application. The API does not properly validate if the...