2 matches found
PT-2025-14753 · Unknown · Labib Ahmed Team Builder
Name of the Vulnerable Software and Affected Versions: Labib Ahmed Team Builder versions n/a through 1.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an attacker...
CVE-2024-38371 Insufficient access control for OAuth2 Device Code flow in authentik
authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been...