28 matches found
PT-2026-23518
Name of the Vulnerable Software and Affected Versions OpenReplay versions prior to 1.20.0 Description OpenReplay is a self-hosted session replay suite. The /projectId/cards/search API endpoint is susceptible to SQL injection due to a flaw in the sort.field parameter. This allows for potential...
EUVD-2023-52299
Malicious code in bioql PyPI...
CVE-2023-48226
OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings for registration looks like validation is correct, a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for...
Design/Logic Flaw
OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings for registration looks like validation is correct, a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for...
CVE-2023-48226 OpenReplay HTML Injection vulnerability
OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings for registration looks like validation is correct, a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for...
CVE-2023-48226 OpenReplay HTML Injection vulnerability
OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings for registration looks like validation is correct, a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for...
CVE-2023-48226
OpenReplay OpenReplay 1.14.0 is affected by an HTML-injection vulnerability in the Name field under Account Settings. The root cause is lack of validation, permitting an attacker to craft emails that include injected HTML content for phishing/content spoofing. The description states that FullName...
OpenReplay Security Vulnerabilities
OpenReplay is developer-friendly, self-hosted session replay. A security vulnerability exists in OpenReplay version 1.14.0 and prior releases that stems from a lack of validation of Name field-Account Settings, which allows an attacker to send an email with HTML injection code to a victim...