10 matches found
EUVD-2022-7777
Malicious code in bioql PyPI...
CVE-2022-46181
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
Cross-site Scripting (XSS)
github.com/gotify/server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...
GO-2023-1471 Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server
Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server...
CVE-2022-46181
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
Spoofing
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
PT-2022-27792 · Unknown · Gotify Server
Name of the Vulnerable Software and Affected Versions: Gotify server versions prior to 2.2.2 Description: The Gotify server contains an issue that allows authenticated users to upload .html files, which can lead to the execution of client-side scripts if another user opens a link. This could...