2 matches found
CVE-2024-33670
CVE-2024-33670 : Passbolt API before 4.6.2 allows HTML injection in a URL parameter; the underlying issue is HTML injection due to insufficient sanitization. This can cause custom content to be displayed when a user visits the crafted URL, though CSP prevents executing injected code. The impact i...
CVE-2024-33670
Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy CSP restrictions, it may still impact the appearance and...