Filtered by vendor Passbolt
Subscriptions
Filtered by product Passbolt Api
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000442 | 1 Passbolt | 1 Passbolt Api | 2024-09-17 | N/A |
| Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace | ||||
| CVE-2024-33669 | 1 Passbolt | 1 Passbolt Api | 2024-08-02 | 6.1 Medium |
| An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user. | ||||
| CVE-2024-33670 | 1 Passbolt | 1 Passbolt Api | 2024-08-02 | 4.3 Medium |
| Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page. | ||||
Page 1 of 1.