7 matches found
Magento LTS vulnerable to stored XSS in theme config fields
As reported by Aakash Adhikari, Github: @justlife4x4, the Design Themes Skin Images / CSS config field allows a Stored XSS when it contains an end script tag. Impact A malicious user with access to this configuration field could use a Stored XSS to affect other authenticated admin users in the...
CVE-2024-1739
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...
CVE-2024-1739 Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...
CVE-2024-1739 Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...
CVE-2024-1739
CVE-2024-1739 affects lunary-ai/lunary and describes an authentication issue caused by improper validation of email addresses during signup. The server does not treat emails as case-insensitive, allowing multiple accounts to be created for the same address by varying case (e.g., [email protected] vs ...
GHSA-VP68-2WRM-69QM matrix-sdk-crypto contains potential impersonation via room key forward responses
Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...
matrix-sdk-crypto contains potential impersonation via room key forward responses
Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...