8 matches found
Server-side Request Forgery (SSRF)
Overview: @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the hover summary process. An attacker can cause authenticated requests to be sent to internal or private-network endpoints by dispatching...
Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links
Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
GHSA-2R69-QGV3-HR65 Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links
Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
CVE-2026-45245 Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
CVE-2026-45245 Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
CVE-2026-45245
CVE-2026-45245 affects the Summarize extension prior to 0.15.1. A vulnerability in the hover summary feature lets malicious pages dispatch synthetic mouseover events on attacker‑controlled links, causing the extension to issue authenticated daemon requests using stored tokens without verifying ev...
CVE-2026-45245
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
PT-2026-41724
Name of the Vulnerable Software and Affected Versions: Summarize versions prior to 0.15.1. Description: The hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links. This causes the extension to make authenticated daemon requests using stored...