EUVD-2024-2599
Malicious code in bioql PyPI...
CVE-2024-46872
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection, which allows a one-click client-side path traversal leading to CSRF in Playbooks...
CVE-2024-40886
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection, which allows a one-click client-side path traversal leading to CSRF in the User Management page of the system console...
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2025-22601 Client Side Path Traversal using activate account route in Discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user into making changes to their own username via a carefully crafted link using the activate-account route. This problem has been patched in the latest version of Discourse. Users are...
Updated thunderbird packages fix security vulnerability
Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. CVE-2024-50336...
FreeBSD : Gitlab -- Vulnerabilities (275ac414-b847-11ef-9877-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 275ac414-b847-11ef-9877-2cf05da270f3 advisory. Gitlab reports: Injection of Network Error Logging (NEL) headers in kubernetes proxy response...
Security Vulnerabilities fixed in Thunderbird 128.5.2 — Mozilla
The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal...
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Details The Matrix specification demands...
CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
Cross-Site Request Forgery (CSRF)
Mattermost is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper sanitization of user inputs in the frontend used for redirection, allowing a one-click client-side path traversal that results in a cross-site request forgery (CSRF) in Playbooks...
BIT-MATTERMOST-2024-46872
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection, which allows a one-click client-side path traversal leading to CSRF in Playbooks...
CVE-2024-46872 Client-Side Path Traversal Leading to CSRF in Playbooks
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection, which allows a one-click client-side path traversal leading to CSRF in Playbooks...
GHSA-HRF9-RM95-FPF3 Mattermost Cross-Site Request Forgery vulnerability
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection, which allows a one-click client-side path traversal leading to CSRF in the User Management page of the system console...
LY Corporation: Client-Side Path Traversal on LINE Developers Console
The LINE Developers Console had a Client-Side Path Traversal vulnerability that led to an effective CSRF. The operations that could be enforced with the CSRF were limited...
PT-2024-19186 · Unknown · Firefly-Iii
Name of the Vulnerable Software and Affected Versions: Firefly III versions prior to 6.1.1. Description: The issue allows for HTML injection in webhooks. It is related to a Client-Side Path Traversal (CSPT) vulnerability, which can be used to control data that was assumed to be uncontrollable. This...
CVE-2023-45316 Reflected client side path traversal leading to CSRF in Playbooks
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
CVE-2023-6458
CVE-2023-6458 (Mattermost webapp) : A route-parameter validation failure in //channels/ allows client-side path traversal. Root cause: insufficient validation of route parameters in the webapp. Impact: potential exposure of sensitive client-side state via crafted channel URLs; exploitation status...