VYPR

Misskey

by Misskey Dev

CVEs (28)

  • CVE-2023-43793 (Oct 4, 2023)
    risk 0.00 cvss epss 0.01

    Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known…

  • CVE-2023-24810 (Feb 22, 2023)
    risk 0.00 cvss epss 0.00

    Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during `miauth` authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 (including 12.x) are…

  • CVE-2023-24811 (Feb 22, 2023)
    risk 0.00 cvss epss 0.00

    Misskey is an open source, decentralized social media platform. In versions prior to 13.3.2 the URL preview function is subject to a cross site scripting vulnerability due to insufficient URL validation. Arbitrary JavaScript is executed when a malicious URL is loaded in the…

  • CVE-2023-24812 (Feb 22, 2023)
    risk 0.00 cvss epss 0.01

    Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to…

  • CVE-2023-25154 (Feb 22, 2023)
    risk 0.00 cvss epss 0.00

    Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an…

  • CVE-2021-39195 (Sep 7, 2021)
    risk 0.00 cvss epss 0.01

    Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal…

  • CVE-2021-39169 (Aug 27, 2021)
    risk 0.00 cvss epss 0.01

    Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has…

  • CVE-2019-1020010 (Jul 29, 2019)
    risk 0.00 cvss epss 0.01

    Misskey before 10.102.4 allows hijacking a user's token.

Page 2 of 2