22 matches found
EUVD-2021-25571
Malware in sbrugna...
CVE-2024-3102
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...
CVE-2021-39169
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version...
CVE-2024-3102
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...
CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...
CVE-2024-3102
CVE-2024-3102 affects mintplex-labs/anything-llm via a JSON Injection in the login flow, specifically the username parameter at /api/request-token. The root cause is improper handling of values, enabling brute-force attempts without prior username knowledge and, once the password is known, blind ...
PT-2024-23727 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified). Description: A JSON Injection issue exists in the application, specifically within the username parameter during the login process at the "/api/request-token" endpoint. This issue...
Exploit for Cross-site Scripting in Zotpress_Project Zotpress
CVE-2023-32961 This repository is about XSS vulnerability in...
CVE-2022-34094
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via requesttoken.php...
CVE-2022-34094
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via requesttoken.php...
CVE-2022-34094
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via requesttoken.php...
i3geo Cross-Site Scripting Vulnerability
i3geo is a saladesituacao open source application for developing interactive web maps. A security vulnerability exists in i3geo version v7.0.5, which stems from the presence of XSS in requesttoken.php...
PT-2022-22004 · I3Geo · I3Geo
Name of the Vulnerable Software and Affected Versions: Portal do Software Publico Brasileiro i3geo version 7.0.5. Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability was discovered via the requesttoken.php file, which suggests it may be related to the...
Contao CSRF Token Bypass
Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...
Misskey Cross-Site Scripting Vulnerability (CNVD-2021-66913)
Misskey is a micro-blogging platform. A cross-site scripting vulnerability exists in versions of Misskey prior to 12.51.0, which stems from a built-in dialog box in the Web client that does not validate and escape user input. An attacker could display a malicious string in the dialog box and use ...
CVE-2021-39169
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version...
CVE-2021-39169
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version...
Cross site scripting
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version...
openstack-keystone: OAuth1 request token authorize silently ignores roles parameter
A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...
Bypassing the request token check
Date: 2019-04-09. CVE ID: CVE-2019-10642. Description: Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7. Affected versions: Contao 4.7 up to 4.7.2. Suggested solution: Update to Contao 4.7.3...