2 results (0.005 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. El plugin Knock Knock versiones anteriores a 1.2.8 para Craft CMS, permite una omisión de IP Whitelist a través de un encabezado HTTP X-Forward-For. • https://github.com/verbb/knock-knock/blob/craft-3/CHANGELOG.md https://limpidsecurity.pl/security-advisories/1/knock-knock-plugin-for-craft-cms • CWE-697: Incorrect Comparison •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. El plugin Knock Knock versiones anteriores a 1.2.8 para Craft CMS, permite una redirección maliciosa. • https://github.com/verbb/knock-knock/blob/craft-3/CHANGELOG.md • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •