3 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...
Medium: python-lxml
Issue Overview: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...
PT-2020-13277
Name of the Vulnerable Software and Affected Versions MJML versions prior to 4.6.3 Description The issue is related to a path traversal vulnerability when processing the mj-include directive within an MJML document. Recommendations For versions prior to 4.6.3, update to version 4.6.3 or later to...