Lucene search
K

28 matches found

Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.11 views

PT-2026-23518

Name of the Vulnerable Software and Affected Versions OpenReplay versions prior to 1.20.0 Description OpenReplay is a self-hosted session replay suite. The /projectId/cards/search API endpoint is susceptible to SQL injection due to a flaw in the sort.field parameter. This allows for potential...

9.8CVSS5.8AI score0.00341EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-52299

Malicious code in bioql PyPI...

6.5CVSS5AI score0.00779EPSS
Exploits1References5
NVD
NVD
added 2023/11/21 8:15 p.m.9 views

CVE-2023-48226

OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings for registration looks like validation is correct, a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for...

6.5CVSS0.00779EPSS
Exploits1References5
Prion
Prion
added 2023/11/21 8:15 p.m.17 views

Design/Logic Flaw

OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings for registration looks like validation is correct, a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for...

3.5CVSS7.2AI score0.00779EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/11/21 7:37 p.m.7 views

CVE-2023-48226 OpenReplay HTML Injection vulnerability

OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings for registration looks like validation is correct, a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for...

6.5CVSS5.1AI score0.00779EPSS
Exploits1References7
Cvelist
Cvelist
added 2023/11/21 7:37 p.m.17 views

CVE-2023-48226 OpenReplay HTML Injection vulnerability

OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings for registration looks like validation is correct, a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for...

6.5CVSS6.8AI score0.00779EPSS
Exploits1References5
CVE
CVE
added 2023/11/21 7:37 p.m.41 views

CVE-2023-48226

OpenReplay OpenReplay 1.14.0 is affected by an HTML-injection vulnerability in the Name field under Account Settings. The root cause is lack of validation, permitting an attacker to craft emails that include injected HTML content for phishing/content spoofing. The description states that FullName...

6.5CVSS4.5AI score0.00779EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2023/11/21 12:0 a.m.3 views

OpenReplay Security Vulnerabilities

OpenReplay is developer-friendly, self-hosted session replay. A security vulnerability exists in OpenReplay version 1.14.0 and prior releases that stems from a lack of validation of Name field-Account Settings, which allows an attacker to send an email with HTML injection code to a victim...

6.5CVSS7.2AI score0.00779EPSS
Exploits1References6
Rows per page
Query Builder