4 matches found

EUVD
added 2026/06/09 9:59 p.m., 6 views

EUVD-2026-31111

PhoenixStorybook has cross-session PubSub topic injection via URL parameter...

CVSS 2.3 | AI score 5.4 | EPSS 0.00409
Exploits: 0 | References: 5
Github Security Blog
added 2026/06/09 9:59 p.m., 10 views

PhoenixStorybook has cross-session PubSub topic injection via URL parameter

Summary: The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...

CVSS 2.3 | AI score 5.5 | EPSS 0.00409
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2026/05/20 1:35 p.m., 4 views

EEF-CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

Summary: Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handle_params/3 in...

CVSS 2.3 | AI score 5.8 | EPSS 0.00409
Exploits: 0 | References: 4
CNNVD
added 2026/05/20 12:0 a.m., 8 views

PhoenixStorybook security vulnerability

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.4.0 to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user-controlled keys. Attackers...

CVSS 2.3 | AI score 5.8 | EPSS 0.00409
Exploits: 0 | References: 2