5317 matches found

GitHub Security Blog
added 2023/07/25 6:4 p.m. · 30 views

Unintentional leakage of private information via cross-origin websocket session hijacking

Impact: Private messages or posts might be leaked to third parties if the victim opens the attacker's site while browsing NodeBB. Patches: Patched in v3.1.3. Backported to v2.x line via v2.8.13. Workarounds: Users can cherry-pick...

4.7 CVSS · 6.8 AI score · 0.00278 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2023/07/25 6:4 p.m. · 28 views

GHSA-4QCV-QF38-5J3J Unintentional leakage of private information via cross-origin websocket session hijacking

Impact: Private messages or posts might be leaked to third parties if the victim opens the attacker's site while browsing NodeBB. Patches: Patched in v3.1.3. Backported to v2.x line via v2.8.13. Workarounds: Users can cherry-pick...

4.7 CVSS · 4.6 AI score · 0.00278 EPSS
Exploits: 0 · References: 7

OSV
added 2023/07/25 12:15 p.m. · 18 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7 CVSS · 6.7 AI score
Exploits: 0 · References: 3

NVD
added 2023/07/25 12:15 p.m. · 25 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7 CVSS · 4.5 AI score · 0.00278 EPSS
Exploits: 0 · References: 3

Prion
added 2023/07/25 12:15 p.m. · 20 views

Cross site scripting

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.3 CVSS · 4.6 AI score · 0.00278 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2023/07/25 11:13 a.m. · 28 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7 CVSS · 4.8 AI score · 0.00278 EPSS
Exploits: 0 · References: 3

CVE
added 2023/07/25 11:13 a.m. · 2511 views

CVE-2023-2850

CVE-2023-2850 affects NodeBB and is a Cross-Site WebSocket Hijacking vulnerability caused by missing validation of the request origin. The issue can lead to leakage of certain user information. Publicly documented details identify affected NodeBB lines as NodeBB 2.x before 2.8.13 and 3.x before 3...

4.7 CVSS · 4.4 AI score · 0.00278 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/07/25 11:13 a.m. · 17 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7 CVSS · 6.4 AI score · 0.00278 EPSS
Exploits: 0 · References: 3

Cvelist
added 2023/07/25 12:0 a.m. · 20 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

7.9 AI score · 0.00514 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/07/25 12:0 a.m. · 4 views

PT-2023-15103 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8. Description: An issue was discovered that allows for a Path Traversal during an Unzip operation. The Vocera Report Console contains a websocket function that allows for the...

9.8 CVSS · 7.2 AI score · 0.00683 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2023/07/25 12:0 a.m. · 3 views

PT-2023-15102 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8. Description: An issue was discovered that allows for an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that permits the...

9.8 CVSS · 6.8 AI score · 0.00683 EPSS
Exploits: 0 · References: 6

Cvelist
added 2023/07/25 12:0 a.m. · 25 views

CVE-2022-46902

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...

8 AI score · 0.00532 EPSS
Exploits: 0 · References: 2

CNNVD
added 2023/07/25 12:0 a.m. · 5 views

Vocera Report Server Security Vulnerability

Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8 that stems from the fact that the Vocera...

9.8 CVSS · 7.2 AI score · 0.00683 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/07/25 12:0 a.m. · 4 views

Vocera Report Server Path Traversal Vulnerability

Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8, which stems from the fact that the Vocera...

9.8 CVSS · 7.2 AI score · 0.00683 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/07/25 12:0 a.m. · 0 views

PT-2023-15099 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8. Description: An issue was discovered that allows for Path Traversal via the filename provided for the "restore SQL data" functionality. The Vocera Report Console contains a...

9.8 CVSS · 7 AI score · 0.00683 EPSS
Exploits: 0 · References: 6

CVE
added 2023/07/25 12:0 a.m. · 2499 views

CVE-2022-46901

CVE-2022-46901 affects Vocera Report Server and Voice Server 5.x through 5.8. The issue is an Access Control Violation for database operations via the Vocera Report Console’s websocket interface, which permits unauthenticated execution of tasks and database functions, including system tasks and a...

7.5 CVSS · 7.6 AI score · 0.00514 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

CVE
added 2023/07/25 12:0 a.m. · 2499 views

CVE-2022-46902

CVE-2022-46902 relates to Vocera Report Server/Voice Server 5.x–5.8. The issue is a path traversal vulnerability in an unzip operation used during a ZIP-based database restore via the Vocera Report Console’s websocket function. During extraction, the code uses file paths from the ZIP without suff...

7.5 CVSS · 7.7 AI score · 0.00532 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

Positive Technologies
added 2023/07/25 12:0 a.m. · 4 views

PT-2023-21763 · NodeBB · NodeBB

Name of the Vulnerable Software and Affected Versions: NodeBB versions prior to 2.8.13; NodeBB versions prior to 3.1.3. Description: The issue is related to a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. This allows certain user information to be...

4.7 CVSS · 4.4 AI score · 0.00278 EPSS
Exploits: 0 · References: 11

Vulnrichment
added 2023/07/25 12:0 a.m. · 16 views

CVE-2022-46898

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

7.3 AI score · 0.00683 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2023/07/25 12:0 a.m. · 18 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

7.1 AI score · 0.00514 EPSS
Exploits: 0 · References: 2