10 matches found
CVE-2026-3321 Authorization Bypass in ON24 Q&A chat
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
CVE-2026-3321
CVE-2026-3321 describes an authorization bypass in ON24 Q&A chat, via a user-controlled key in the endpoint console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/. An unauthenticated attacker can enumerate event IDs and access the full Q&A history, exposing IDs, private URLs, messages, references, a...
ON24 Q&A Chat 安全漏洞
ON24 Q&A Chat is an online interactive Q&A and chat component developed by ON24 Inc. There is a security vulnerability in ON24 Q&A Chat. This vulnerability stems from the console-survey/api/v1/answer/EVENTID/TIMESTAMP/ endpoint, which allows unauthorized access through bypassing user-controlled...
EUVD-2021-21470
Malware in sbrugna...
CVE-2021-34823
The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...
CVE-2021-34823
The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...
Path traversal
The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...
CVE-2021-34823
The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...
CVE-2021-34823
CVE-2021-34823 affects the ON24 ScreenShare (DesktopScreenShare.app) plugin for macOS prior to version 2.0. An unauthenticated remote user can access files via the plugin’s built-in HTTP server. The vulnerability triggers a code path that downloads a configuration file from a remote machine over ...
on24.com Improper Access Control vulnerability OBB-1249173
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...