13 matches found
CVE-2022-25570
Technical details (versions, root cause, impact, and fixes) are not publicly provided in the connected documents; monitor for updates.
CVE-2022-4611
CVE-2022-4611 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Vulnerability details in the provided documents indicate a manipulation that results in hard-coded credentials in an unspecified part of the product, with remote initiation possible and public disclosure...
CVE-2022-4613
CVE-2022-4613 affects Click Studios Passwordstate and Passwordstate Browser Extension for Chrome, due to a vulnerability in the Browser Extension Provisioning component that leads to improper authorization. The issue can be exploited remotely and has been publicly disclosed. Affected users are ad...
CVE-2022-4610
Technical details for CVE-2022-4610 are not publicly available in the provided documents. Monitor for updates.
CVE-2022-3875
Affected software: Click Studios Passwordstate and Passwordstate Browser Extension Chrome. CVE-2022-3875 describes an authentication bypass in the API caused by issues in the API code (unknown code path) that can be exploited remotely. The vulnerability is exploitable by an unauthenticated remote...
CVE-2020-26061
The CVE concerns ClickStudios Passwordstate (password manager) prior to 8.5 build 8501. The ResetPassword function does not verify whether the user is authenticated via security questions, allowing an unauthenticated, remote attacker to send a crafted HTTP request to /account/ResetPassword to set...
CVE-2022-3877
CVE-2022-3877 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. The issue is a vulnerability in an unknown function of the URL Field Handler that enables cross-site scripting. It can be triggered remotely, and public disclosures exist describing the exploit. A fix is...
CVE-2022-4612
Technical details (affected product/version, root cause, and remediation) are not publicly provided in the supplied documents. Monitor for updates from official advisories and trusted sources.
CVE-2023-43295
CVE-2023-43295 describes a Cross Site Request Forgery vulnerability in Passwordstate by Click Studios (SA) Pty Ltd, affecting Core Passwordstate builds 9785 and earlier. The issue enables a local attacker to trigger arbitrary code execution via a crafted request. Affected software: Passwordstate ...
CVE-2018-14776
CVE-2018-14776 affects Click Studios Passwordstate (web-based password manager) prior to version 8.3 Build 8397. The vulnerability is an authenticated-user cross-site scripting (XSS) flaw triggered by uploading an HTML document, enabling injection of arbitrary script when viewed by other authenti...
CVE-2022-3876
CVE-2022-3876 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. The vulnerability lies in the API path /api/browserextension/UpdatePassword/ where manipulating the PasswordID argument bypasses authorization. The attack may be initiated remotely and the exploit has be...
CVE-2020-27747
CVE-2020-27747 concerns Click Studios Passwordstate 8.9 (Build 8973). The issue: if a user set a 4‑digit PIN via the mobile built‑in generator, a remote attacker can brute‑force the PIN, potentially exposing all passwords accessible to the affected account. The available documents describe the af...
CVE-2023-47801
CVE-2023-47801 affects Click Studios Passwordstate prior to 9811. The issue allows existing Security Administrators to misuse the System Wide API Key (when used with the PasswordHistory endpoint) to read or delete private password records, and to misuse the Copy/Move Password Record API Key to co...