Количество 2
Количество 2
CVE-2024-33670
Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page.
GHSA-2pg6-vw9c-qhjv
Passbolt API allows HTML injection
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-33670 Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| GHSA-2pg6-vw9c-qhjv Passbolt API allows HTML injection | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу