2 matches found
CVE-2025-57821
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker with a user-level account can manipulate session cookies to hijack administrator sessions, leading to unauthorized actions and potential system compromise by embedding a...