Lucene search
K

8 matches found

CVE
CVE
added 10 hours ago9 views

CVE-2026-55437

CVE-2026-55437 affects Coder: prior to 2.29.17, 2.32.7, 2.33.8, and 2.34.2, AgentLogLine uses ansi-to-html without escapeXML: true and injects via dangerouslySetInnerHTML, enabling stored HTML injection in workspace agent logs. Exploitation requires a user with workspace-owner access to view atta...

5.4CVSS6AI score
Exploits0References6
OSV
OSV
added yesterday4 views

GO-2026-5919 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder

Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder...

5.4CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2 days ago4 views

GHSA-7QW2-F75V-62F7 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component

Summary The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters. Note:...

5.4CVSS6.1AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2 days ago6 views

Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component

Summary The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters. Note:...

5.4CVSS6.1AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56081

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...

5.4CVSS6AI score
Exploits0References9
Cvelist
Cvelist
added 2026/05/22 4:0 p.m.13 views

CVE-2026-28444 Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS0.00316EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the getResultLogs API endpoint, which did not verify whether the resultId belonged to a authorized typebotId. This...

6.5CVSS5.9AI score0.00316EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/03 4:28 p.m.2 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to logging as unsanitized plaintext. An attacker can gain unauthorized access to sensitive information and potentially escalate privileges by accessing unsanitized logs containing...

8.5CVSS6.6AI score0.00203EPSS
Exploits1References2
Rows per page
Query Builder