CVE-2023-6458
CVE-2023-6458 (Mattermost webapp): A route-parameter validation failure in //channels/ allows client-side path traversal. Root cause: insufficient validation of route parameters in the webapp. Impact: potential exposure of sensitive client-side state via crafted channel URLs; exploitation status...
CVE-2023-6458 Client side path traversal due to lack of route parameters validation
Mattermost webapp fails to validate route parameters in //channels/, allowing an attacker to perform a client-side path traversal...
GHSA-JCGV-3PFQ-J4HR Mattermost Injection vulnerability
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
Mattermost Injection vulnerability
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
Hardcoded credentials
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
CVE-2023-35075
CVE-2023-35075: Mattermost webapp vulnerability where channel names set during autocomplete do not use innerText/textContent, enabling HTML injection into a victim’s page when a name contains HTML. The attack does not produce XSS according to the sources. Affected component is the Mattermost web...
CVE-2023-35075 HTML injection via channel autocomplete
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
OPENSUSE-SU-2023:0368-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 119.0.6045.123 (boo#1216978): CVE-2023-5996: Use after free in WebAudio. Chromium 119.0.6045.105 (boo#1216783): CVE-2023-5480: Inappropriate implementation in Payments; CVE-2023-5482: Insufficient data validation in USB; CVE-2023-5849: Integer...
Microsoft Azure Security Vulnerabilities
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Azure. An attacker exploiting this vulnerability could gain access to sensitive information. The following products and...
Debian DSA-5546-1 : chromium - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5546 advisory. - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file...
Google Chrome Security Update (stable-channel-update-for-desktop_31-2023-10) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:google:chrome"; if(description)...
Microsoft Edge (Chromium) < 118.0.2088.88 / 119.0.2151.44 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.88 / 119.0.2151.44. It is, therefore, affected by multiple vulnerabilities as referenced in the November 2, 2023 advisory. - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36022,...
Remote Code Execution (RCE)
chromium is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the inappropriate implementation in WebApp, which allows a remote malicious attacker to obfuscate security UI via a crafted HTML page...
Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Provider
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2023-5858
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Low...
Google Chrome Security Bypass Vulnerability (CNVD-2024-00157)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from improper implementation of the WebApp Provider module. An attacker could exploit this vulnerability to bypass security restrictions...
The vulnerability of the WebApp Provider component of Google Chrome allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Google Chrome browser’s WebApp Provider component is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially...
CVE-2023-5858
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Low...