Lucene search
K
ClickstudiosPasswordstate

13 matches found

CVE
CVE
added 2022/03/21 12:59 p.m.79 views

CVE-2022-25570

Technical details (versions, root cause, impact, and fixes) are not publicly provided in the connected documents; monitor for updates.

6.5CVSS6.5AI score0.00807EPSS
CVE
CVE
added 2022/12/19 12:0 a.m.63 views

CVE-2022-4611

CVE-2022-4611 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Vulnerability details in the provided documents indicate a manipulation that results in hard-coded credentials in an unspecified part of the product, with remote initiation possible and public disclosure...

5.3CVSS4.9AI score0.01225EPSS
CVE
CVE
added 2022/12/19 12:0 a.m.55 views

CVE-2022-4613

CVE-2022-4613 affects Click Studios Passwordstate and Passwordstate Browser Extension for Chrome, due to a vulnerability in the Browser Extension Provisioning component that leads to improper authorization. The issue can be exploited remotely and has been publicly disclosed. Affected users are ad...

6.5CVSS5.8AI score0.00726EPSS
CVE
CVE
added 2022/12/19 12:0 a.m.53 views

CVE-2022-4610

Technical details for CVE-2022-4610 are not publicly available in the provided documents. Monitor for updates.

5.5CVSS4.6AI score0.00238EPSS
CVE
CVE
added 2022/12/19 12:0 a.m.52 views

CVE-2022-3875

Affected software: Click Studios Passwordstate and Passwordstate Browser Extension Chrome. CVE-2022-3875 describes an authentication bypass in the API caused by issues in the API code (unknown code path) that can be exploited remotely. The vulnerability is exploitable by an unauthenticated remote...

7.5CVSS7.7AI score0.00968EPSS
CVE
CVE
added 2020/10/05 1:43 p.m.50 views

CVE-2020-26061

The CVE concerns ClickStudios Passwordstate (password manager) prior to 8.5 build 8501. The ResetPassword function does not verify whether the user is authenticated via security questions, allowing an unauthenticated, remote attacker to send a crafted HTTP request to /account/ResetPassword to set...

7.5CVSS7.8AI score0.04456EPSS
CVE
CVE
added 2022/12/19 12:0 a.m.48 views

CVE-2022-3877

CVE-2022-3877 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. The issue is a vulnerability in an unknown function of the URL Field Handler that enables cross-site scripting. It can be triggered remotely, and public disclosures exist describing the exploit. A fix is...

5.4CVSS4.5AI score0.00636EPSS
CVE
CVE
added 2022/12/19 12:0 a.m.47 views

CVE-2022-4612

Technical details (affected product/version, root cause, and remediation) are not publicly provided in the supplied documents. Monitor for updates from official advisories and trusted sources.

6.5CVSS5.3AI score0.00853EPSS
CVE
CVE
added 2023/10/31 12:0 a.m.46 views

CVE-2023-43295

CVE-2023-43295 describes a Cross Site Request Forgery vulnerability in Passwordstate by Click Studios (SA) Pty Ltd, affecting Core Passwordstate builds 9785 and earlier. The issue enables a local attacker to trigger arbitrary code execution via a crafted request. Affected software: Passwordstate ...

3.5CVSS5AI score0.0024EPSS
CVE
CVE
added 2018/08/01 6:0 a.m.43 views

CVE-2018-14776

CVE-2018-14776 affects Click Studios Passwordstate (web-based password manager) prior to version 8.3 Build 8397. The vulnerability is an authenticated-user cross-site scripting (XSS) flaw triggered by uploading an HTML document, enabling injection of arbitrary script when viewed by other authenti...

5.4CVSS5.1AI score0.00526EPSS
CVE
CVE
added 2022/12/19 12:0 a.m.42 views

CVE-2022-3876

CVE-2022-3876 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. The vulnerability lies in the API path /api/browserextension/UpdatePassword/ where manipulating the PasswordID argument bypasses authorization. The attack may be initiated remotely and the exploit has be...

6.5CVSS5.6AI score0.00844EPSS
Web
CVE
CVE
added 2020/10/29 5:26 p.m.40 views

CVE-2020-27747

CVE-2020-27747 concerns Click Studios Passwordstate 8.9 (Build 8973). The issue: if a user set a 4‑digit PIN via the mobile built‑in generator, a remote attacker can brute‑force the PIN, potentially exposing all passwords accessible to the affected account. The available documents describe the af...

6.8CVSS6.6AI score0.01091EPSS
CVE
CVE
added 2023/11/13 12:0 a.m.36 views

CVE-2023-47801

CVE-2023-47801 affects Click Studios Passwordstate prior to 9811. The issue allows existing Security Administrators to misuse the System Wide API Key (when used with the PasswordHistory endpoint) to read or delete private password records, and to misuse the Copy/Move Password Record API Key to co...

4.7CVSS4.8AI score0.00439EPSS