Lucene search
K

268 matches found

Cvelist
Cvelist
added 2024/03/13 8:19 p.m.31 views

CVE-2024-28193 Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...

6.5CVSS6.5AI score0.0064EPSS
Exploits1References1
OSV
OSV
added 2024/03/13 8:19 p.m.10 views

CVE-2024-28193 Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...

6.5CVSS6.2AI score0.0064EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/13 8:19 p.m.20 views

CVE-2024-28193 Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...

6.5CVSS6.7AI score0.0064EPSS
Exploits1References1
CVE
CVE
added 2024/03/13 8:19 p.m.91 views

CVE-2024-28193

The CVE affects YourSpotify

6.5CVSS6.3AI score0.0064EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/03/13 5:16 p.m.16 views

CVE-2024-28195 Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery CSRF. Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the...

8.1CVSS8.3AI score0.0037EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/03/13 5:10 p.m.29 views

CVE-2024-28196 Clickjacking in your_spotify

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger actions, such as...

6.5CVSS6.5AI score0.00436EPSS
Exploits1References1
OSV
OSV
added 2024/02/19 12:5 a.m.13 views

OSV-2024-117 Security exception in com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66745 Crash type: Security exception Crash state: com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer java.base/java.nio.charset.CharsetEncoder. java.base/sun.nio.cs.CESU8$Encoder...

7.1AI score
Exploits0References1
OSV
OSV
added 2023/11/17 11:25 a.m.21 views

MAL-2023-8524 Malicious code in spotify-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6884d2a77686f419c030b7aabf153bc9524a9065a79051850a4dc0715d197267 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/11/17 11:25 a.m.4 views

Malicious code in spotify-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6884d2a77686f419c030b7aabf153bc9524a9065a79051850a4dc0715d197267 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Talos Blog
Talos Blog
added 2023/11/16 7:0 p.m.37 views

We all just need to agree that ad blockers are good

I dont think this is a particularly bold take -- but Im not afraid to say that ad blockers are good! Ever since I started using one sometime in 2016, my experience of using the internet has improved exponentially. I can finally easily find a recipe for dinner on a random influencers blog, get a...

4.3CVSS7.3AI score0.1667EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/13 12:0 a.m.9 views

Sp*tify Play Button for WordPress <= 2.10 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0
OSV
OSV
added 2023/10/12 3:15 p.m.5 views

CVE-2023-41131

Cross-Site Request Forgery CSRF vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.10 versions...

8.8CVSS7.3AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2023/10/12 2:26 p.m.89 views

CVE-2023-41131

CVE-2023-41131 refers to a CSRF vulnerability in the WordPress plugin Sptify Play Button for WordPress (Jonk @ Follow me Darling Sp tify Play Button) affecting versions

8.8CVSS6.6AI score0.00214EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.6 views

WordPress plugin Sp*tify Play Button Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.6AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/12 12:0 a.m.5 views

PT-2023-27815 · WordPress · Jonk @ Follow Me Darling Sp*Tify Play Button

Name of the Vulnerable Software and Affected Versions: Jonk @ Follow me Darling Sptify Play Button for WordPress plugin versions = 2.10 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performi...

8.8CVSS8.5AI score0.00214EPSS
Exploits0References4
NVD
NVD
added 2023/10/02 10:15 a.m.17 views

CVE-2023-44145

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in jesweb.Dev Anchor Episodes Index Spotify for Podcasters plugin = 2.1.7 versions...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References1
Prion
Prion
added 2023/10/02 10:15 a.m.16 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in jesweb.Dev Anchor Episodes Index Spotify for Podcasters plugin = 2.1.7 versions...

4.9CVSS5.2AI score0.00328EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/02 9:49 a.m.18 views

CVE-2023-44145 WordPress Anchor Episodes Index (Spotify for Podcasters) Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in jesweb.Dev Anchor Episodes Index Spotify for Podcasters plugin = 2.1.7 versions...

6.5CVSS5.7AI score0.00328EPSS
Exploits0References1
CVE
CVE
added 2023/10/02 9:49 a.m.47 views

CVE-2023-44145

The CVE-2023-44145 entry concerns the WordPress plugin Anchor Episodes Index (Spotify for Podcasters) by jesweb.Dev. A Stored Cross-Site Scripting (XSS) vulnerability affects versions ≤ 2.1.7, exploitable by an authenticated user with admin+ privileges. The issue arises in how the plugin handles ...

6.5CVSS5.5AI score0.00328EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.9 views

PT-2023-29129 · WordPress · Jesweb.Dev Anchor Episodes Index

Name of the Vulnerable Software and Affected Versions: jesweb.Dev Anchor Episodes Index Spotify for Podcasters plugin versions = 2.1.7 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For...

6.5CVSS5.3AI score0.00328EPSS
Exploits0References4
Rows per page
Query Builder