Packagist (Composer) package
passbolt/passbolt_api
pkg:composer/passbolt/passbolt_api
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-33670 | — | < 4.6.2 | 4.6.2 | Apr 26, 2024 | Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact t | ||
| CVE-2017-1000442 | — | < 1.6.5 | 1.6.5 | Jan 2, 2018 | Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace |
- CVE-2024-33670Apr 26, 2024affected < 4.6.2fixed 4.6.2
Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact t
- CVE-2017-1000442Jan 2, 2018affected < 1.6.5fixed 1.6.5
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace