73 matches found
CVE-2024-22892
OpenSlides 4.0.15 is affected by a vulnerability due to using a weak hashing algorithm for password storage. The CVE-2024-22892 entry, with a CVSS v3.1 base score of 7.5 (HIGH), indicates network attack potential with low complexity and no privileges required. The issue targets the password hashi...
CVE-2024-22893
OpenSlides 4.0.15 is affected by a timing-attack vulnerability in password verification, where the hash comparison runs in a content-dependent way. This can allow an attacker to infer information about password hashes. Details across sources consistently identify the affected version as 4.0.15 an...
CVE-2020-26280
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. Due to insufficient user input validation and escaping, OpenSlides version 3.2 is vulnerable to persistent cross-site scripting (XSS). In the web applicatio...
Cross-site Scripting (XSS)
openslides is vulnerable to cross-site scripting (XSS). An attacker is able to inject a malicious script in various places, e.g. in personal notes or in motions, and get it executed when other users read the respective text...
openslides-presenter (=2.0.3), openslides-protocol (=1.0.0) +2 more potentially affected by CVE-2020-26280 via openslides (>=2.1.1 <=2.2.0)
openslides PYPI version =2.1.1, =2.0.1, =2.0.2 Source cves: CVE-2020-26280 Source advisory: OSV:PYSEC-2020-72...
Cross site scripting
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. Due to insufficient user input validation and escaping, OpenSlides version 3.2 is vulnerable to persistent cross-site scripting (XSS). In the web applicatio...
PYSEC-2020-72
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. Due to insufficient user input validation and escaping, OpenSlides version 3.2 is vulnerable to persistent cross-site scripting (XSS). In the web applicatio...
CVE-2020-26280 XSS in OpenSlides
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. Due to insufficient user input validation and escaping, OpenSlides version 3.2 is vulnerable to persistent cross-site scripting (XSS). In the web applicatio...
CVE-2020-26280
OpenSlides (v3.2 affected) is vulnerable to persistent cross-site scripting (XSS) due to insufficient input validation/escaping in rich-text fields. The vulnerability was introduced with commit 6eae497abeab234418dfbd9d299e831eff86ed45 and first appeared in the 3.2 release; it could allow an attac...
Cross-Site Scripting (XSS)
openslides is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of strings from CKEditor...