14 matches found
PT-2026-45855
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.12.5; authentik versions prior to 2026.2.3. Description: An issue exists in the Simple Flow Executor (SFE), which is a component used to manage the sequence of steps in an authentication flow. Due to the...
CVE-2024-13993
Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when...
EUVD-2025-24666
Malicious code in bioql PyPI...
GHSA-XCXH-6CV4-Q8P8 HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit
Summary: When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="_blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details: While most modern...
PT-2025-34325 · Npm · Hfs
Summary: When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="_blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details: While most modern...
Supply Chain Attack
Fides is vulnerable to a supply chain attack. The vulnerability is due to mishandling of client-side script dependencies and the use of a compromised third-party domain such as polyfill.io. The vulnerability allows an attacker to serve malicious scripts to users of legacy browsers when they load...
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Note: On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure polyfill.io and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. The following sections describe this vulnerability prior to the domain level...
CVE-2024-38537
Fides (Ethical) vulnerability CVE-2024-38537 affects the client-side script fides.js, which in a limited edge case used the polyfill.io domain to support legacy browsers (IE11) lacking fetch. If the polyfill.io domain was compromised, legacy-browser users could download and execute malicious scri...
amq-on: CSRF (in graphQL requests)
A flaw was found in the AMQ Online console, where it is vulnerable to a Cross-Site Request Forgery (CSRF) attack, which is exploitable in cases where preflight checks are not instigated or are bypassed. This flaw allows an attacker to target authorized users using an older browser with Adobe Flash. The...
Missing 'X-XSS-Protection' Header
The HTTP 'X-XSS-Protection' response header is a feature of old browsers that allows websites to control their XSS auditors.

The server is not configured to return a 'X-XSS-Protection' header, which means that any pages on this website could be at risk of a Cross-Site Scripting (XSS) attack. This...
[ASA-201612-12] python2-html5lib: cross-site scripting
Arch Linux Security Advisory ASA-201612-12
==========================================
Severity: Low
Date    : 2016-12-12
CVE-ID  : CVE-2016-9909 CVE-2016-9910
Package : python2-html5lib
Type    : cross-site scripting
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======
The packag...
[ASA-201612-13] python-html5lib: cross-site scripting
Arch Linux Security Advisory ASA-201612-13
==========================================
Severity: Low
Date    : 2016-12-12
CVE-ID  : CVE-2016-9909 CVE-2016-9910
Package : python-html5lib
Type    : cross-site scripting
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======
The package...