Lucene search
K

10 matches found

Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.9 views

PT-2025-49322

Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.10.4 Description HedgeDoc is a real-time, collaborative, markdown notes application. Certain OAuth2 endpoints used for social login providers—including Google, GitHub, GitLab, Facebook, and Dropbox—did not include...

4.3CVSS6.7AI score0.00086EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/06/27 2:25 p.m.5 views

CVE-2025-48954

Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled...

8.1CVSS6.6AI score0.0063EPSS
Exploits0References1
NVD
NVD
added 2025/06/25 2:15 p.m.6 views

CVE-2025-48954

Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled...

8.1CVSS0.0063EPSS
Exploits0References1
OSV
OSV
added 2025/06/25 2:2 p.m.3 views

CVE-2025-48954 Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow

Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled...

8.1CVSS6AI score0.0063EPSS
Exploits0References3
EUVD
EUVD
added 2025/06/25 2:2 p.m.4 views

EUVD-2025-28274

Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled...

8.1CVSS5.7AI score0.0063EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/25 11:12 a.m.12 views

CVE-2024-11917 JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins

The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearchxingresponsedatacallback', 'setaccesstokes', and 'googlecallback' functions. This makes it possible for...

8.1CVSS8.1AI score0.00448EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2024/06/05 10:3 a.m.30 views

Big name TikTok accounts hijacked after opening DM

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens witho...

7.4AI score
Exploits0
Huntr
Huntr
added 2023/02/12 1:7 p.m.76 views

Account Takeover and Persistence due to the Oauth Misconfiguration

Team, May you all be well on your side of the screen. : . While Doing some research on thehttps://cal.com/, I was able to find a Pre-Account Takeover vulnerability. Proof of concept: . I have created a video demonstration of the vulnerability and uploaded it to my Google Drive. . The link for the...

6.5CVSS8.4AI score0.08958EPSS
Exploits5References1
Huntr
Huntr
added 2022/05/05 11:57 p.m.45 views

Users Account Pre-Takeover or Users Account Takeover.

Team, May you all be well on your side of the screen. : While Doing some research on the https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of concept video & reproduction steps for better understanding. Proof of concept: I have uploaded the bo...

6.8CVSS0.7AI score0.08958EPSS
Exploits4
Hacker One
Hacker One
added 2019/08/15 9:48 a.m.14 views

Vanilla: XSS For Profile Name

Summary: In short, if your username is something as simple as alert1 this will not be filtered when viewing your profile page. The unfiltered script alert is echo'd underneath your image in your profile. This can be viewed by anyone viewing your profile Although in some cases the browser will...

0.5AI score
Exploits0
Rows per page
Query Builder