Lucene search
K

308 matches found

BDU FSTEC
BDU FSTEC
added 8 hours ago12 views

Blitz Identity Provider (Authentication server)

...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.13 views

PT-2026-48797

Уязвимость программного обеспечения Blitz Identity Provider связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить межсайтовые сценарные атаки XSS...

6.8CVSS5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-46077

Уязвимость программного обеспечения Blitz Identity Provider связана с подделкой межсайтовых запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществить CSRF-атаку...

2.6CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-46076

Уязвимость программного обеспечения Blitz Identity Provider связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить межсайтовые сценарные атаки XSS...

4CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/26 11:16 a.m.15 views

CVE-2026-9520

A flaw was found in blitz-js blitz. A remote attacker can exploit this vulnerability by manipulating the 'Next' argument within the 'LoginForm.tsx' component. This manipulation leads to cross-site scripting XSS, which allows the attacker to inject malicious scripts into web pages viewed by other...

5.3CVSS5.4AI score0.00336EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 2:16 a.m.13 views

CVE-2026-9520

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS0.00336EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/26 1:30 a.m.13 views

EUVD-2026-31781

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/26 1:30 a.m.10 views

CVE-2026-9520 blitz-js blitz Sign-in LoginForm.tsx cross site scripting

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 1:30 a.m.7 views

CVE-2026-9520

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/26 1:30 a.m.34 views

CVE-2026-9520

Product/affected software : blitz-js blitz (up to 3.0.2). Vulnerable component/file : packages/generator/templates/app/src/app/auth/components/LoginForm.tsx in the Sign-in module. Root cause : argument manipulation in Next leads to cross-site scripting. Impact : cross-site scripting vulnerability...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/26 1:30 a.m.40 views

CVE-2026-9520 blitz-js blitz Sign-in LoginForm.tsx cross site scripting

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS0.00336EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Blitz 代码注入漏洞

Blitz is an open-source full-stack Next.js development toolkit developed by Blitz. Versions of Blitz 3.0.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from an unknown function in the packages/generator/templates/app/src/app/auth/components/LoginForm.tsx file,...

5.3CVSS5.7AI score0.00336EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43177

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-44125

Уязвимость программного обеспечения Blitz Identity Provider связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить межсайтовые сценарные атаки XSS...

4CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/25 12:34 a.m.12 views

CVE-2025-60935

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the nexturl parameter in the login endpoint and could lead to phishing or token theft after successful authentication...

6.5CVSS6.7AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2025/12/24 3:16 p.m.5 views

CVE-2025-60935

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the nexturl parameter in the login endpoint and could lead to phishing or token theft after successful authentication...

6.5CVSS0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/24 12:0 a.m.26 views

CVE-2025-60935

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the nexturl parameter in the login endpoint and could lead to phishing or token theft after successful authentication...

0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/24 12:0 a.m.3 views

CVE-2025-60935

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the nexturl parameter in the login endpoint and could lead to phishing or token theft after successful authentication...

6.3AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2025/12/24 12:0 a.m.15 views

CVE-2025-60935

CVE-2025-60935 describes an open redirect in Blitz Panel v1.17.0 at the login endpoint, affecting the next_url parameter. The vulnerability can enable a user to be redirected to a malicious domain after login, with potential phishing or token theft after authentication. Multiple connected sources...

6.5CVSS6.3AI score0.00161EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/24 12:0 a.m.4 views

CVE-2025-60935

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the nexturl parameter in the login endpoint and could lead to phishing or token theft after successful authentication...

6.5CVSS6.6AI score0.00161EPSS
Exploits0References4
Rows per page
Query Builder