11 matches found
CVE-2024-5478
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
Withdrawn Advisory: lunary-ai/lunary XSS in SAML metadata endpoint
Withdrawn Advisory This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...
GHSA-RPX8-FG6W-RM6X Withdrawn Advisory: lunary-ai/lunary XSS in SAML metadata endpoint
Withdrawn Advisory This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...
CVE-2024-5478
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
CVE-2024-5478
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
CVE-2024-5478 Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
CVE-2024-5478 Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
CVE-2024-5478
CVE-2024-5478 affects lunary-ai/lunary v1.2.7. Root cause: user-supplied orgId is embedded directly into XML/SAML metadata without proper escaping/validation, enabling XSS via the /auth/saml/${org?.id}/metadata endpoint. Impact: potential theft of user cookies or authentication tokens through inj...
Jenkins Chef Sinatra Plugin Access Control Error Vulnerability
Jenkins plug-ins are plug-ins that provide functionality for Jenkins. Jenkins Chef Sinatra Plugin Access Control Error Vulnerability. An attacker could use this vulnerability to allow Jenkins to send HTTP requests to an attacker-controlled URL and have it parse an XML response...
DEBIAN-CVE-2013-6482
Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service NULL pointer dereference and crash via a crafted 1 SOAP response, 2 OIM XML response, or 3 Content-Length header...
JIRA build information not included in dummy XML responses to search filter requests which users do not have access to
The build-info element is missing from the response to search filter XML requests. noformat https://support.atlassian.com/sr/jira.issueviews:searchrequest-xml/10593/SearchRequest-10593.xml?tempMax=100 noformat Happens if the user does not have access to the filter. See also...