Lucene search
+L

7 matches found

Github Security Blog
Github Security Blog
added 2024/02/20 11:42 p.m.43 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS5.9AI score0.00493EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2024/02/20 11:42 p.m.76 views

GHSA-9W99-78RJ-HMXQ Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS5.7AI score0.00493EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/02/20 7:26 p.m.20 views

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

7.4CVSS7.5AI score0.00791EPSS
Exploits0References11Affected Software4
RubySec
RubySec
added 2024/02/20 12:0 a.m.26 views

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

7.4CVSS7.5AI score0.00791EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/20 12:0 a.m.21 views

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

7.4CVSS7.6AI score0.00791EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/20 12:0 a.m.33 views

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

7.4CVSS7.5AI score0.00791EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/20 12:0 a.m.31 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS6AI score0.00493EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder