9 matches found
GHSA-5JGJ-H9WP-53FR Known vulnerable to code execution via SVG file in v1.3.1
An issue in the isSVG function of Known v1.3.1 allows attackers to execute arbitrary code via a crafted SVG file. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x...
GHSA-4V4P-87M3-5423 Known v1.3.1 contains Insecure Direct Object Reference
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...
GHSA-G688-7J3C-H9F3 Known v1.3.1 Cross-site Scripting
A cross-site scripting XSS vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...
Known v1.3.1 contains Insecure Direct Object Reference
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...
Known vulnerable to account takeover via host header injection attack in v1.3.1
Known v1.3.1 was discovered to allow attackers to perform an account takeover via a host header injection attack. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x...
Known v1.3.1 Cross-site Scripting
A cross-site scripting XSS vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...
CVE-2022-33011
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack...
CVE-2022-30852
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...
CVE-2022-33011
CVE-2022-33011 affects Known (open-source social publishing platform). Multiple connected sources corroborate an account takeover via host header injection in v1.3.1 and earlier. Red Hat, Veracode and OSV entries describe the root cause as lack of validation in the password reset flow, notably in...