6 matches found
Denial of Service (DoS)
Raneto is vulnerable to Denial of Service. The vulnerability is due to the GET search endpoint located at app/routes/search.route.js. An unauthenticated attacker can supply a malicious search query, crashing the program...
Cross-site Scripting (XSS)
Raneto is vulnerable to cross-site scripting. The vulnerability exists in the routepageedit function in page.edit.route.js due to improper HTML escaping on submission of a page edit, which allows an attacker to inject and execute malicious JavaScript...
GHSA-XXC2-J7JJ-6G5M Raneto Denial of Service via crafted payload injected into `Search` parameter
An issue in Raneto v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter...
GHSA-7942-2FX8-QHPF Raneto v0.17.0 employs weak password complexity requirements
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Version 0.17.1 contains security mitigations for this and other vulnerabilities...
Raneto vulnerable to Cross-site Scripting
Raneto v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This issue is fixed in version 0.17.1...
Raneto v0.17.0 employs weak password complexity requirements
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Version 0.17.1 contains security mitigations for this and other vulnerabilities...