2 matches found
Form.io 信息泄露漏洞
Form.io is a combined forms and API platform for serverless applications from US-based Form.io. An information disclosure vulnerability exists in Form.io versions prior to 3.5.6 and 4.0.0-rc.1 through 4.4.2, which stems from a flaw in path handling that could lead an attacker to access a protecte...
CVE-2025-67495 ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the postlogoutredirect GET parameter. As a result, unauthenticate...