25 matches found
EUVD-2020-18087
Malware in sbrugna...
CVE-2023-26771
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the...
CVE-2023-26770
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user...
CVE-2020-25400
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as access token...
CVE-2023-26770
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user...
CVE-2023-26770
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user...
CVE-2023-26771
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the...
CVE-2023-26770
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user...
CVE-2023-26771
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the...
CVE-2023-26771
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the...
PT-2024-12114 · Taskcafe · Taskcafe
Name of the Vulnerable Software and Affected Versions: Taskcafe version 0.3.2 Description: The issue is related to a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload. An authenticated attacker can exploit this by uploading a malicious picture, which will...
CVE-2023-26770
CVE-2023-26770 affects TaskCafe 0.3.2 and is caused by lack of validation in the Cookie value. An unauthenticated attacker who knows a registered UserID can change that user’s password. Public sources (NVD/Red Hat/OSV) describe the issue identically. The Red Hat/NVD entries note no public details...
Jordanknott Taskcafe security vulnerability
Jordanknott Taskcafe is a project management tool developed in the Go language by Jordanknott. A security vulnerability exists in Jordanknott Taskcafe version 0.3.2, which stems from a lack of validation of cookie values, and allows any unauthenticated attacker who knows the ID of a registered us...
Jordanknott Taskcafe security vulnerability
Jordanknott Taskcafe is a project management tool developed in the Go language by Jordanknott. A security vulnerability exists in Jordanknott Taskcafe version 0.3.2 that stems from vulnerability to cross-site scripting (XSS) attacks...
CVE-2023-26770
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user...
CVE-2023-26771
Taskcafe 0.3.2 is vulnerable to Cross-Site Scripting (XSS) via an SVG profile picture upload due to a lack of validation in the filetype. An authenticated attacker can upload a malicious SVG, with the payload executed when a victim opens the file. Affected component: upload handling for SVG profi...
CVE-2023-26771
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the...
CVE-2023-26771
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the...
CVE-2023-26770
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user...
CVE-2020-25400
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as access token...