Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
SerenityStartsharp

3 matches found

CVE
CVEadded 2023/04/27 12:0 a.m.61 views

CVE-2023-31287

CVE-2023-31287 affects Serenity Serene and StartSharp (before 6.7.0). A password-reset link token is valid after use and can be replayed to reset a password, with the token expiring after 3 hours and sent as a query parameter. An attacker with browser-history access could reuse the token to take ...

7.8CVSS7.4AI score0.00435EPSS
CVE
CVEadded 2023/04/27 12:0 a.m.60 views

CVE-2023-31286

Summary: CVE-2023-31286 affects Serenity Serene and StartSharp prior to 6.7.0. The issue arises during password reset requests, where the server response reveals whether a user exists. Specifically, attempting to reset a password for a non-existent user yields an error message indicating that the...

5.3CVSS5.5AI score0.01011EPSS
CVE
CVEadded 2023/04/27 12:0 a.m.58 views

CVE-2023-31285

CVE-2023-31285 concerns Serenity Serene (StartSharp) prior to 6.7.0, where the file-upload validation blocks some extensions but still allows .html/.htm uploads containing an XSS payload. The resulting link can be sent to an administrator, enabling an XSS risk as described across multiple sources...

6.1CVSS6AI score0.00785EPSS