Security Advisories - passbolt/passbolt_api - Packagist

passbolt/passbolt_api Security Advisories for v1.0.13 (8)

[MEDIUM] Passbolt API allows HTML injection

PKSA-4hqs-vns9-d96n CVE-2024-33670 GHSA-2pg6-vw9c-qhjv

Affected version: <4.6.2

Reported by:
GitHub
[MEDIUM] Stored XSS on first/last name during setup

PKSA-vmyb-x3zz-fp3q GHSA-v86m-j5f7-ccwh

Affected version: <2.11.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Tabnabbing when opening URI with menu "Open URI in a new tab"

PKSA-kr8c-3bqr-5ndv GHSA-qm5v-pj64-852j

Affected version: <2.11.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Stored XSS in tags autocomplete dropdown

PKSA-wn13-bzpm-z2gp GHSA-2f46-4xjm-73x5

Affected version: <2.11.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] E-mail HTML injection

PKSA-h8s8-nr9j-3cdp GHSA-cv5c-2qv5-w2m2

Affected version: <2.7.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[LOW] Retrieval of HTTP-only cookies

PKSA-8vc7-g66q-cvn9 GHSA-f5pp-pmq8-gp46

Affected version: <2.7.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
Remote code execution

PKSA-gk48-ycyg-4qfm

Affected version: <2.7.0

Reported by:
FriendsOfPHP/security-advisories
[MEDIUM] XSS in the url field on the password workspace grid and sidebar

PKSA-tsf2-twm1-cvv1 CVE-2017-1000442 GHSA-j2fp-9wp5-mg66

Affected version: <1.6.5

Reported by:
GitHub, FriendsOfPHP/security-advisories