CVE-2024-34243
Konga v0.14.9 is vulnerable to Cross-Site Scripting (XSS) via the username parameter...
CVE-2024-34243
CVE-2024-34243 affects Konga v0.14.9 with Cross-Site Scripting (XSS) via the username parameter. The linked sources indicate the underlying issue is inadequate input validation on the username field, enabling injected scripts. The CVE is recorded with a CVSS v3.1 base score of 5.4 (Medium) and sh...
Authentication flaw
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...
CVE-2023-39846
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...
CVE-2021-42192
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation...
Privilege escalation
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation...
CVE-2021-42192
CVE-2021-42192 affects Konga v0.14.9 with an incorrect access control flaw that allows privilege escalation via a crafted request. The attack vector demonstrated in the Nuclei template targets /api/user/{ID} with ADMIN privileges, enabling higher-privilege administration access. The underlying issue i...