Lucene search
K

11 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-41842

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6.5CVSS6AI score0.00209EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/09 9:59 p.m.14 views

PhoenixStorybook has cross-session PubSub topic injection via URL parameter

Summary The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...

2.3CVSS5.5AI score0.00449EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/09 9:59 p.m.9 views

GHSA-MRHX-6PW9-Q5FH PhoenixStorybook has cross-session PubSub topic injection via URL parameter

Summary The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...

2.3CVSS5.5AI score0.00449EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/21 7:57 p.m.10 views

CVE-2026-47068

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

2.3CVSS5.8AI score0.00449EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 2:17 p.m.19 views

CVE-2026-47068

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

2.3CVSS0.00449EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/20 1:35 p.m.8 views

CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

2.3CVSS5.8AI score0.00449EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:35 p.m.13 views

CVE-2026-47068

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

2.3CVSS5.8AI score0.00449EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/20 1:35 p.m.28 views

CVE-2026-47068

The vulnerability is an Authorization Bypass in phoenix_storybook: Elixir.PhoenixStorybook.Story.ComponentIframeLive reads topic from params and broadcasts the iframe process PID on that PubSub topic without verifying session ownership, enabling cross-session topic injection. An attacker can load...

2.3CVSS5.8AI score0.00449EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 1:35 p.m.6 views

EEF-CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

Summary Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in...

2.3CVSS5.8AI score0.00449EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42177

Name of the Vulnerable Software and Affected Versions phoenix storybook versions 0.4.0 through 1.0.x Description An authorization bypass occurs due to user-controlled keys, allowing cross-session PubSub topic injection via a URL query parameter. The function handle params/3 in...

2.3CVSS5.5AI score0.00449EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.12 views

PhoenixStorybook 安全漏洞

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.4.0 to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user-controlled keys. Attackers...

2.3CVSS5.8AI score0.00449EPSS
Exploits0References2
Rows per page
Query Builder