21 matches found
EUVD-2021-27076
Malware in sbrugna...
EUVD-2021-27084
Malware in sbrugna...
CVE-2021-3829
openwhyd is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3837
openwhyd is vulnerable to Improper Authorization...
Openwhyd licensing issue vulnerability
Openwhyd is a music management service. openwhyd suffers from an authorization issue vulnerability that stems from the fact that openwhyd is vulnerable to improper authorization. No detailed vulnerability details are currently available...
CVE-2021-3837
openwhyd is vulnerable to Improper Authorization...
CVE-2021-3837
openwhyd is vulnerable to Improper Authorization...
Authorization
openwhyd is vulnerable to Improper Authorization...
CVE-2021-3837 Improper Authorization in openwhyd/openwhyd
openwhyd is vulnerable to Improper Authorization...
CVE-2021-3837
CVE-2021-3837 affects openwhyd/openwhyd with an Improper Authorization issue in the login flow. The vulnerability arises from insufficient validation of the redirect parameter, which is embedded in the login redirect HTML/JS (htmlRedirect) and can be used to trigger a reflected XSS or redirect-ba...
PT-2022-10715 · Openwhyd · Openwhyd
Name of the Vulnerable Software and Affected Versions: openwhyd affected versions not specified Description: The issue concerns Improper Authorization. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where...
Openwhyd Security Vulnerability
Openwhyd is a music management service. openwhyd suffers from an authorization issue vulnerability that stems from the fact that openwhyd is vulnerable to improper authorization. No detailed vulnerability details are currently available...
Cross-site Scripting (XSS) - Reflected in openwhyd/openwhyd
Description openwhyd is vulnerable to Reflected XSS vulnerability via the redirect parameter at login page. Payload alertdocument.cookie Vulnerable URL https://openwhyd.org/login?redirect=alertdocument.cookie Proof of Concept Send users the following login link...
Open Redirect in openwhyd/openwhyd
Description openwhyd is vulnerable to Open Redirect vulnerability via the redirect parameter at login page. Vulnerable parameter redirect Vulnerable URL https://openwhyd.org/login?redirect=https://google.com Proof of Concept Send users the following login link...
CVE-2021-3829
openwhyd is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3829
openwhyd is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3829 Open Redirect in openwhyd/openwhyd
openwhyd is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3829
Open Redirect in openwhyd/openwhyd (CVE-2021-3829) is caused by an unsafe redirect implementation in consent handling. The code added a safeRedirect() that uses new URL(url, config.urlPrefix) and then compares fullURL.toString() to config.urlPrefix, which relies on the default URL() behavior (hre...
Cross-site Scripting (XSS) - Stored in openwhyd/openwhyd
Description openwhyd is vulnerable to Stored XSS at the Name field in User Profile. Payload " Steps to reproduce 1. After login, click on the username to go to the Profile page 2. Click Edit Profile button - choose Edit Profile Info 3. In the Name field, input payload " then click Save button 4. Reloa...
Improper Authorization in openwhyd/openwhyd
Description This Account Takeover via Dom XSS vulnerability occurs because the backend does not check the value of the redirect parameter in the login logic. javascript if form.fbUid userModel.updatedbUser.id, $set: fbId: form.fbUid, fbTok: form.fbTok, // access token provided on last facebook...