passbolt/passbolt_api Security Advisories for v1.0.13 (8)
-
[MEDIUM] Passbolt API allows HTML injection
PKSA-4hqs-vns9-d96n CVE-2024-33670 GHSA-2pg6-vw9c-qhjv
Affected version: <4.6.2
Reported by:
GitHub -
[MEDIUM] Stored XSS on first/last name during setup
PKSA-vmyb-x3zz-fp3q GHSA-v86m-j5f7-ccwh
Affected version: <2.11.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Tabnabbing when opening URI with menu "Open URI in a new tab"
PKSA-kr8c-3bqr-5ndv GHSA-qm5v-pj64-852j
Affected version: <2.11.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Stored XSS in tags autocomplete dropdown
PKSA-wn13-bzpm-z2gp GHSA-2f46-4xjm-73x5
Affected version: <2.11.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Retrieval of HTTP-only cookies
PKSA-8vc7-g66q-cvn9 GHSA-f5pp-pmq8-gp46
Affected version: <2.7.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] XSS in the url field on the password workspace grid and sidebar
PKSA-tsf2-twm1-cvv1 CVE-2017-1000442 GHSA-j2fp-9wp5-mg66
Affected version: <1.6.5
Reported by:
GitHub, FriendsOfPHP/security-advisories