Lucene search
K

6 matches found

NVD
NVD
added 2026/06/18 10:16 p.m.13 views

CVE-2026-22674

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:8 p.m.7 views

CVE-2026-22674

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS6AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 9:8 p.m.25 views

CVE-2026-22674 Hashgraph Guardian Stored XSS via branding companyName field

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS0.00177EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 9:8 p.m.25 views

CVE-2026-22674

Hashgraph Guardian prior to 3.5.0 is affected by a stored XSS vulnerability in the branding configuration API endpoint. The issue arises from unsanitized innerHTML in the branding service, allowing an authenticated user with the STANDARD_REGISTRY role to inject malicious scripts by submitting a c...

4.8CVSS6AI score0.00177EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50797

Name of the Vulnerable Software and Affected Versions Hashgraph Guardian versions prior to 3.5.0 commit ba8c566 Description A stored cross-site scripting issue exists where authenticated users with the STANDARD REGISTRY role can inject malicious scripts. This occurs by submitting a crafted...

4.8CVSS5.9AI score0.00177EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31677

Name of the Vulnerable Software and Affected Versions Hashgraph Guardian versions through 3.5.0 Description Hashgraph Guardian through version 3.5.0 has an unsandboxed JavaScript execution issue in the Custom Logic policy block worker. Authenticated Standard Registry users can execute arbitrary...

8.8CVSS6.2AI score0.00545EPSS
Exploits0References6
Rows per page
Query Builder