24 matches found
EUVD-2021-19581
Malware in sbrugna...
EUVD-2022-33574
Malicious code in bioql PyPI...
CVE-2021-32852
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched i...
CVE-2022-29174
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
Cross site scripting
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched i...
CVE-2021-32852 countly-server vulnerable to Cross-site Scripting
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched i...
countly-server cross-site scripting vulnerability
countly-server is the server-side component of Countly, a product analytics solution. A security vulnerability exists in countly-server versions prior to 21.11 that stems from a cross-site scripting vulnerability...
PT-2023-12184 · Countly · Countly
Name of the Vulnerable Software and Affected Versions: Countly versions prior to 21.11. Description: The issue allows for cross-site scripting. To exploit this, the victim must follow a malicious link or be redirected from a malicious website. The attacker needs to have an account or be able to...
CVE-2021-32852
Countly countly-server (prior to 21.11, community edition) is vulnerable to cross-site scripting (XSS) via malicious links or redirects. An attacker must have or create an account, and successful exploitation results in script execution in the victim’s browser. The issue is patched in version 21....
Default credentials
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2022-29174 Predictable password reset token may lead to account takeover in countly-server
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2022-29174
CVE-2022-29174 affects countly-server. Prior to patch releases, an attacker who knows an account’s email/username and full name stored in the database could guess the password reset token, enabling password reset and potential account takeover. The issue is addressed in Countly Server version 22....
countly-server authorization issue vulnerability
countly-server is the server-side component of Countly, a product analytics solution. An authorization issue vulnerability exists in version 22.x prior to countly-server 22.03.7 and version 21.x prior to 21.11.4, which can be exploited by an attacker to reset passwords and take over accounts...
countly.teeko.io Cross Site Scripting vulnerability
Security Researcher srom23 (helped patch 8 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting the countly.teeko.io website and its users. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bount...