GHSA-WCX9-CCPJ-HX3C Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect')
Summary: An issue on Coder's login page allows attackers to craft a Coder URL that, when clicked by a logged-in user, could redirect them to a website the attacker controls, e.g. https://google.com. Details: On the login page, Coder checks for the presence of a redirect query parameter. On successful...
CVE-2024-2578
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS. This issue affects WP Coder: from n/a through 3.5...
CVE-2024-2578
CVE-2024-2578 affects WP Coder (WordPress plugin) with Stored XSS due to improper input handling during page generation in versions up to 3.5. A fix is available in 3.5.1; CVSS metrics vary by source (NVD v3.1 base score 4.8; PatchStack guidance lists ~5.9). No exploitation details are provided b...
CVE-2024-27918
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the...
WordPress Plugin WP Coder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin WP Coder A cross-site...
Coder Security Vulnerability
Coder is an application from Coder that allows you to set up a development environment in a public or private cloud infrastructure. A security vulnerability exists in Coder and CoderV2 that stems from a security hole in OIDC authentication that allows an attacker to bypass authentication and crea...
WordPress WP Coder Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP Coder; Type: Plugin; Vulnerable versions: <= 3.5; Fixed in: 3.5.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2578; Patch priority: Low; CVSS severity: Low (5.9); PSID: fff15d41931f; Credits: LeNgocHoa; Required privilege: Editor; Published: 18...
Authentication flaw
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the...
GO-2024-2602 Incorrect email domain verification in github.com/coder/coder
A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider such as public...
Design/Logic Flaw
A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched...
CVE-2024-2355 keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code
A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched...
CVE-2024-2355
CVE-2024-2355 affects keerti1924 Secret-Coder-PHP-Project 1.0. The vulnerability involves an issue in an unknown functionality of the file /secret_coder.sql, where manipulation leads to inclusion of sensitive information in source code. Reported as exploitable remotely with rather high attack com...
Secret-Coder-PHP-Project Security Vulnerability
Secret-Coder-PHP-Project is a PHP-based project. A security vulnerability exists in version 1.0 of Secret-Coder-PHP-Project that stems from the inclusion of sensitive information in the code...
PT-2024-19932 · Unknown · Keerti1924 Secret-Coder-Php-Project
Name of the Vulnerable Software and Affected Versions: keerti1924 Secret-Coder-PHP-Project version 1.0. Description: A vulnerability has been found in the keerti1924 Secret-Coder-PHP-Project, affecting an unknown functionality of the file /secret_coder.sql. The manipulation leads to the inclusion ...
CVE-2024-2266
A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attac...
CVE-2024-2266
CVE-2024-2266 affects keerti1924 Secret-Coder-PHP-Project 1.0, specifically the Login Page file /login.php. The vulnerability is caused by improper handling of the parameters emailcookie and passwordcookie, enabling remote cross-site scripting (XSS). Exploitation is possible remotely and the exp...
CVE-2024-2266 keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting
A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attac...
CLSA-2024-1709839850 Fix CVE(s): CVE-2023-5341
SECURITY UPDATE: Heap use-after-free flaw in BMP coder - debian/patches/CVE-2023-5341.patch: Check BMP file size to fix ImproperImageHeader issue caused by a provided poc - CVE-2023-5341...