Lucene search
K

9 matches found

OSV
OSV
added 2022/07/09 12:0 a.m.19 views

GHSA-5JGJ-H9WP-53FR Known vulnerable to code execution via SVG file in v1.3.1

An issue in the isSVG function of Known v1.3.1 allows attackers to execute arbitrary code via a crafted SVG file. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x...

6.1CVSS6.7AI score0.01271EPSS
Exploits1References6
OSV
OSV
added 2022/07/09 12:0 a.m.21 views

GHSA-4V4P-87M3-5423 Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

4.3CVSS4.6AI score0.00885EPSS
Exploits1References4
OSV
OSV
added 2022/07/09 12:0 a.m.13 views

GHSA-G688-7J3C-H9F3 Known v1.3.1 Cross-site Scripting

A cross-site scripting XSS vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...

5.4CVSS5.2AI score0.00797EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/07/09 12:0 a.m.25 views

Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

4.3CVSS5.2AI score0.00885EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/09 12:0 a.m.28 views

Known vulnerable to account takeover via host header injection attack in v1.3.1

Known v1.3.1 was discovered to allow attackers to perform an account takeover via a host header injection attack. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x...

8.8CVSS8.6AI score0.01416EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/09 12:0 a.m.37 views

Known v1.3.1 Cross-site Scripting

A cross-site scripting XSS vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...

5.4CVSS5.1AI score0.00797EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2022/07/08 12:15 p.m.24 views

CVE-2022-33011

Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack...

8.8CVSS0.01416EPSS
Exploits1References4
NVD
NVD
added 2022/07/08 12:15 p.m.26 views

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

4.3CVSS0.00885EPSS
Exploits1References3
CVE
CVE
added 2022/07/08 11:10 a.m.84 views

CVE-2022-33011

CVE-2022-33011 affects Known (open-source social publishing platform). Multiple connected sources corroborate an account takeover via host header injection in v1.3.1 and earlier. Red Hat, Veracode and OSV entries describe the root cause as lack of validation in the password reset flow, notably in...

8.8CVSS8.8AI score0.01416EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder