EUVD-2024-52842
Malicious code in bioql PyPI...
EUVD-2024-37392
Malicious code in bioql PyPI...
CVE-2024-38522
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0...
CVE-2024-38521
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...
CVE-2024-38523
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weaken its one-time nature. Specifically, the lack of 2FA for changing security settings allows an attacker with CSRF or XSS primitives to...
CVE-2024-55888
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scriptin...
CVE-2024-55888 Content Security Policy appears to be missing in software and production setup
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scriptin...
CVE-2024-55888
CVE-2024-55888 affects Hush Line, an open-source whistleblower management system. A production-server misconfiguration in versions 0.1.0 through 0.3.4 left out a Content Security Policy and security headers, potentially bypassing XSS filters. The issue was fixed in version 0.3.5. Affected: Hush L...
Hush Line security vulnerability
Hush Line is a free open source anonymous tip line service from Science & Design Open Source. A security vulnerability exists in Hush Line version 0.1.0 through versions prior to 0.3.5, which stems from a production server misconfiguration that does not provide any content security policy or...
PT-2024-36602 · Hush Line · Hush Line
Name of the Vulnerable Software and Affected Versions: Hush Line versions 0.1.0 through 0.3.4 Description: Hush Line is an open-source whistleblower management system. The production server was misconfigured, missing content security policy and security headers, which could result in bypassing of...
CVE-2024-38522 CSP bypass in Hush Line
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0...
CVE-2024-38522
CVE-2024-38522 affects Hush Line (CSP bypass in the tips.hushline.app site and repository). The vulnerability arises from a CSP policy that is trivial to bypass; a fix was released in version 0.1.0. The CVE shows a medium severity (CVSS v3.1: 6.3) with Network attack vector, low impact on confident...
CVE-2024-38521
Vulnerability: CVE-2024-38521 affects Hush Line prior to version 0.1.0, with a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and is not sanitized on display. Root cause (from PT-2024-28049): mis-handling of user-controlled input in the Inbox leads to stored XSS....
CVE-2024-38521 Persistent Cross-Site Scripting (XSS) in hushline inbox
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...