3 matches found
CVE-2025-27913
CVE-2025-27913 concerns Passbolt API prior to version 5. The description in multiple sources states that a server misconfiguration during installation (and disregard of Health Check results) allows emails to be sent with a domain name taken from an attacker-controlled HTTP Host header. The CVSS d...
CVE-2024-33670
CVE-2024-33670 : Passbolt API before 4.6.2 allows HTML injection in a URL parameter; the underlying issue is HTML injection due to insufficient sanitization. This can cause custom content to be displayed when a user visits the crafted URL, though CSP prevents executing injected code. The impact i...
CVE-2017-1000442
CVE-2017-1000442 affects Passbolt API (version 1.6.4 and earlier) and is due to a cross-site scripting (XSS) vulnerability in the url field within the password workspace. The issue allows XSS via the URL input in the affected component; under CVSS3, the base score is 5.4 (MEDIUM) with network as ...