EUVD-2025-7821
Malicious code in bioql PyPI...
EUVD-2022-4256
Malicious code in bioql PyPI...
EUVD-2024-1067
Malicious code in bioql PyPI...
CVE-2024-33670
Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and...
CVE-2025-27913
Passbolt API before 5, if the server is misconfigured with an incorrect installation process and disregarding of Health Check results, can send email messages with a domain name taken from an attacker-controlled HTTP Host header...
CVE-2025-27913
CVE-2025-27913 concerns Passbolt API prior to version 5. The description in multiple sources states that a server misconfiguration during installation (and disregard of Health Check results) allows emails to be sent with a domain name taken from an attacker-controlled HTTP Host header. The CVSS d...
PT-2024-25428 · Passbolt · Passbolt Api
Name of the Vulnerable Software and Affected Versions: Passbolt API versions prior to 4.6.2 Description: The issue allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript...
Passbolt API is vulnerable to XSS in the url field on the password workspace grid and sidebar
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace...
GHSA-J2FP-9WP5-MG66 Passbolt API is vulnerable to XSS in the url field on the password workspace grid and sidebar
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace...
Passbolt Cross-Site Scripting Vulnerability
Passbolt API is an open source team password manager. A cross-site scripting vulnerability exists in the url field of the password workspace in Passbolt API versions 1.6.4 and earlier. A remote attacker could exploit this vulnerability to execute code, alter or delete resources...
Default credentials
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace...
CVE-2017-1000442
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace...