35 matches found
CVE-2026-26266
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...
CVE-2026-26266
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...
CVE-2026-26266 AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...
CVE-2026-26266
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...
CVE-2026-26266 AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...
EUVD-2026-9332
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...
CVE-2026-26266 AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...
CVE-2026-26266
AliasVault Web Client versions ≤ 0.25.3 are affected by a stored XSS in the email rendering feature. HTML content of emails viewed in an alias is rendered in an iframe via srcdoc, which lacks origin isolation, allowing a crafted email containing JavaScript to execute in the application's origin w...
AliasVault 跨站脚本漏洞
AliasVault is an open-source password manager developed by AliasVault. Versions of AliasVault prior to 0.25.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the email rendering feature, where HTML content was rendered using srcdoc within an iframe without proper...
PT-2026-22839
Name of the Vulnerable Software and Affected Versions AliasVault versions 0.25.3 and lower Description AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS issue exists in the email rendering feature of the AliasVault Web Client. When...
CVE-2026-2974
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
CVE-2026-2974
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
CVE-2026-2974
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
CVE-2026-2974 AliasVault App Backup aliasvault.xml backup
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
CVE-2026-2974
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
CVE-2026-2974 AliasVault App Backup aliasvault.xml backup
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
CVE-2026-2974
AliasVault App (up to 0.25.3) on Android/iOS contains a vulnerability in the Backup Handler that manipulates tokens inside shared_prefs/aliasvault.xml (accessToken/refreshToken/metadata/key_derivation_params/auth_methods). This can expose backup files to an unauthorized control sphere through a l...
AliasVault 安全漏洞
AliasVault is an open-source password manager developed by AliasVault. Versions of AliasVault prior to 0.25.3 contained a security vulnerability. This vulnerability stemmed from incorrect handling of parameters such as accessToken, refreshToken, metadata, keyderivationparams, and authMethods in t...
PT-2026-21499
Name of the Vulnerable Software and Affected Versions AliasVault App versions through 0.25.3 Description A security issue exists in AliasVault App on Android/iOS. The issue is related to the Backup Handler component and affects the shared prefs/aliasvault.xml file. Manipulation of the accessToken...
CVE-2026-22694
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...