Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

CNVD
CNVDadded 2022/06/24 12:0 a.m.13 views

habitica cross-site scripting vulnerability

habitica is an open source habit-forming program from the US-based HabitRPG. habitica versions v4.119.0 through v4.232.2 are vulnerable to a cross-site scripting vulnerability. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attack...

4.3CVSS2.9AI score0.00654EPSS
Exploits1Affected Software1
CVE
CVEadded 2022/06/22 12:0 p.m.59 views

CVE-2022-23078

CVE-2022-23078 affects Habitica versions v4.119.0–v4.232.2. The connected sources describe an open redirect vulnerability exploitable via the login page, with the root cause attributed to input handling that allows redirection to arbitrary URLs. Impact is described as a partial confidentiality/in...

5.8CVSS6.5AI score0.00969EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2022/06/22 11:30 a.m.57 views

CVE-2022-23077

Habitica (HabitRPG) versions 4.119.0–4.232.2 are affected by a DOM-based XSS on the login page. Root cause: insufficient validation/escaping of user-supplied data leading to reflected input in the DOM. Impact: cross-site scripting via the login page; potential for session/credential exposure if u...

6.1CVSS6AI score0.00654EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder