Filtered by vendor Passbolt
Filtered by product Passbolt Api
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-33670 1 Passbolt 1 Passbolt Api 2024-11-21 4.3 Medium
Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page.
CVE-2024-33669 1 Passbolt 1 Passbolt Api 2024-11-21 6.1 Medium
An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user.
CVE-2017-1000442 1 Passbolt 1 Passbolt Api 2024-11-21 N/A
Passbolt API version 1.6.4 and older are vulnerable to an XSS in the URL field on the password workspace.