12 matches found
CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution Vulnerability
WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victim's machine by having users sync pages with...
WebCatalog 48.4 - Arbitrary Protocol Execution
Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution Date: 9/27/2023 Exploit Author: ItsSixtyN3in Vendor Homepage: https://webcatalog.io/en/ Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe Version: 48.4.0 Tested on: Windows CVE : CVE-2023-42222...
CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
Design/Logic Flaw
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
WebCatalog Security Vulnerabilities
WebCatalog is a desktop application from WebCatalog, Inc. that improves workflow and increases productivity. A security vulnerability exists in WebCatalog versions prior to 49.0 that stems from not validating whether a URL is used for an http or https resource...
CVE-2023-42222
WebCatalog (desktop app) before version 49.0 is vulnerable to Incorrect Access Control due to Electron shell.openExternal being invoked without validating http/https URLs. The CVE-2023-42222 description and Red Hat/PRION entries confirm this issue affects WebCatalog pre-49.0 with potential for co...
CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
PT-2023-28296 · Electron +1
Name of the Vulnerable Software and Affected Versions: WebCatalog versions prior to 49.0 Description: The issue arises from WebCatalog calling the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. This leads to incorrect...
Unfixed XSS vulnerability at orders.foleydistributing.com
Security researcher MaXWeL submitted on 17/03/2007 a cross-site scripting (XSS) vulnerability affecting orders.foleydistributing.com, which at the time of submission ranked 4640193 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/03/2007. ...