7 matches found
EUVD-2024-37391
Malicious code in bioql PyPI...
EUVD-2024-37390
Malicious code in bioql PyPI...
EUVD-2024-37392
Malicious code in bioql PyPI...
CVE-2024-38521
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...
CVE-2024-38522 CSP bypass in Hush Line
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0...
CVE-2024-38521
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...
CVE-2024-38521
Vulnerability: CVE-2024-38521 affects Hush Line prior to version 0.1.0, with a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and is not sanitized on display. Root cause (from PT-2024-28049): mis-handling of user-controlled input in the Inbox leads to stored XSS....