GHSA-274Q-79Q9-52J7 Character injection in Hubble CLI

Impact A network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitatio...

CVE-2023-27148

A stored cross-site scripting XSS vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter...

CVE-2023-27148

CVE-2023-27148 describes a stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket Admin panel (v1.17.2). The flaw allows an attacker to inject arbitrary web scripts or HTML via the Role Name parameter, enabling potential script execution in the context of authenticated users with...

CVE-2023-27149

A stored cross-site scripting XSS vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list...

NodeBB account takeover via SSO plugins

This is a historical security advisory, pertaining to a vulnerability that was reported, patched, and published in 2021. It is listed here for completeness and for CVE tracking purposes. Impact Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the...