CWE:
 

Topic
Date
Author
Med.
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
07.10.2020
LiquidWorm


CVEMAP Search Results

CVE
Details
Description
2023-07-28
Waiting for details
CVE-2023-37467

Updating...
 

 
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.

 
2023-04-04
Waiting for details
CVE-2023-28997

Updating...
 

 
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top