75 matches found
CVE-2022-4930
A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to...
Cross site scripting
A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to...
CVE-2022-4930
The CVE-2022-4930 entry concerns nuxsmin sysPass (up to version 3.2.4). The vulnerability is an XSS in the URL Handler that can be exploited remotely. The issue is tied to an unknown functionality, with manipulation leading to cross-site scripting. A fix is available in version 3.2.5, and the pat...
CVE-2022-4930 nuxsmin sysPass URL cross site scripting
A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to...
nuxsmin sysPass Cross-Site Scripting Vulnerability
sysPass is a system password manager by RubénD Personal Developer. A cross-site scripting vulnerability exists in nuxsmin sysPass versions prior to 3.2.5, which stems from a problem with the component URL Handler that can lead to cross-site scripting...
Cygnux sysPass Local File Inclusion Vulnerability
Cygnux sysPass is an open source multi-user password manager that features easy installation, a clear interface and multi-user options. A local file inclusion vulnerability exists in the javascript file inclusion feature in Cygnux sysPass 2.1.7 and earlier versions. An attacker can exploit this...
Design/Logic Flaw
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
CVE-2017-1000192
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
CVE-2017-1000192
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
CVE-2017-1000192
Cygnux sysPass
CVE-2017-1000192
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
sysPass Cross-Site Scripting Vulnerability
sysPass is a PHP-based Web password manager. A cross-site scripting vulnerability exists in the inc/SP/Html/Html.class.php file in sysPass version 2.1.9. A remote attacker can exploit this vulnerability to bypass the cross-site scripting filter...
Design/Logic Flaw
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "svg/onload=" substring instead of an "svg onload=" substring...
CVE-2017-9306
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "svg/onload=" substring instead of an "svg onload=" substring...
CVE-2017-9306
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "svg/onload=" substring instead of an "svg onload=" substring...
CVE-2017-9306
The vulnerability described across multiple sources affects sysPass 2.1.9, specifically the file inc/SP/Html/Html.class.php. It enables remote attackers to bypass the XSS filter by manipulating an SVG onload payload (demonstrated with a "<svg/onload=" substring in place of a proper "<svg on...
CVE-2017-9306
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "svg/onload=" substring instead of an "svg onload=" substring...
CVE-2017-5999
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256 function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help...
Design/Logic Flaw
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256 function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help...
CVE-2017-5999
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256 function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help...