Lucene search
K

108 matches found

BDU FSTEC
BDU FSTEC
added 2025/03/12 12:0 a.m.5 views

The vulnerability of the MFlash secure data exchange platform lies in its insufficient authentication attempt limitation, which allows a perpetrator to gain unauthorized access to the platform.

The vulnerability of the MFlash secure messaging platform is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the platform...

10CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/12 12:0 a.m.7 views

The vulnerability of the MFlash secure data exchange platform lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the MFlash secure messaging platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially crafted HTML code...

8.7CVSS6AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/04 11:0 p.m.9 views

CVE-2024-0875

A stored cross-site scripting XSS vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...

8.1CVSS4.7AI score0.00372EPSS
Exploits1References1
NVD
NVD
added 2024/11/15 11:15 a.m.24 views

CVE-2024-0875

A stored cross-site scripting XSS vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...

8.1CVSS0.00372EPSS
Exploits1References2
OSV
OSV
added 2024/11/15 10:57 a.m.13 views

CVE-2024-0875 Stored XSS in openemr/openemr

A stored cross-site scripting XSS vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...

8.1CVSS7AI score0.00372EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/11/15 10:57 a.m.12 views

CVE-2024-0875 Stored XSS in openemr/openemr

A stored cross-site scripting XSS vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...

8.1CVSS7AI score0.00372EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/15 10:57 a.m.29 views

CVE-2024-0875 Stored XSS in openemr/openemr

A stored cross-site scripting XSS vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...

8.1CVSS0.00372EPSS
Exploits1References2
CVE
CVE
added 2024/11/15 10:57 a.m.53 views

CVE-2024-0875

CVE-2024-0875 affects OpenEMR/OpenEMR v7.0.1, where a stored XSS in the Secure Messaging feature allows injection into the inputBody field and execution when recipients view the message, potentially compromising accounts. The issue is fixed in v7.0.2.1. Affected component: Secure Messaging, vulne...

8.1CVSS5.6AI score0.00372EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.4 views

OpenEMR 跨站脚本漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A cross-site scripting vulnerability exists in OpenEMR version 7.0.1. The...

8.1CVSS7.7AI score0.00372EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.6 views

PT-2024-15883 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: openemr/openemr version 7.0.1 Description: A stored cross-site scripting XSS issue exists in the Secure Messaging feature. An attacker can inject malicious payloads into the inputBody field, which can then be sent to other users. When the...

8.1CVSS7.5AI score0.00372EPSS
Exploits1References8
Kitploit
Kitploit
added 2023/11/11 11:30 a.m.47 views

CryptoChat - Beyond Secure Messaging

Welcome to CryptChat - where conversations remain truly private. Built on the robust Python ecosystem, our application ensures that every word you send is wrapped in layers of encryption. Whether you're discussing sensitive business details or sharing personal stories, CryptChat provides the...

7.2AI score
Exploits0References1
Schneier on Security
Schneier on Security
added 2023/04/24 10:39 a.m.8 views

UK Threatens End-to-End Encryption

In an open letter, seven secure messaging apps--including Signal and WhatsApp--point out that the UKs Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/14 4:0 a.m.17 views

WhatsApp introduces new security features

WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijac...

6.7AI score
Exploits0
Fedora
Fedora
added 2022/07/30 1:57 a.m.14 views

[SECURITY] Fedora 36 Update: golang-github-fernet-0-0.10.20200726giteff2850.fc36

Fernet takes a user-provided message an arbitrary sequence of bytes, a key 256 bits, and the current time, and produces a token, which contains the message in a form that can't be read or altered without the key...

7.3AI score
Exploits0
NVD
NVD
added 2022/06/23 7:15 a.m.28 views

CVE-2022-31009

wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The...

6.5CVSS0.00637EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2022/06/23 7:15 a.m.29 views

CVE-2022-31009

wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The...

6.5CVSS2.2AI score0.00637EPSS
Exploits0
Prion
Prion
added 2022/06/23 7:15 a.m.15 views

Design/Logic Flaw

wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The...

4CVSS6AI score0.00637EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/06/23 6:40 a.m.26 views

CVE-2022-31009 DoS vulnerability: Invalid Accent Colors

wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The...

5.7CVSS6.4AI score0.00637EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/06/23 6:40 a.m.34 views

CVE-2022-31009 DoS vulnerability: Invalid Accent Colors

wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The...

5.7CVSS6.3AI score0.00637EPSS
Exploits0References2
Kitploit
Kitploit
added 2022/05/18 9:30 p.m.28 views

Cyph - Cryptographically Secure Messaging And Social Networking Service

Cyph is a cryptographically secure messaging and social networking service, providing an extreme level of privacy combined with best-in-class ease of use. Cyph’s patented technology — built by former SpaceX engineers, audited by Cure53, and the basis of research presentations at Black Hat and DEF...

7.1AI score
Exploits0References3
Rows per page
Query Builder