2 matches found
CVE-2024-52593
Misskey (open source, federated social platform) has a vulnerability from missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson. An attacker can set the target of any origin links (e.g., the “view on remote instance” banner) to any HTTP...
CVE-2024-52593 Missing validation allows spoofed "origin" links in Misskey
Misskey is an open source, federated social media platform.In affected versions missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson allows an attacker to control the target of any "origin" links such as the "view on remote instance"...