Lucene search
PassboltPassbolt Api
3 matches found
CVE-2025-27913
Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.
7.5CVSS7.2AI score0.00031EPSS
CVE-2024-33670
Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and u...
4.3CVSS6.7AI score0.00338EPSS
CVE-2017-1000442
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace
5.4CVSS5.3AI score0.0025EPSS