CVSS: 2.7 • EPSS: 0% • CPEs: 3 • EXPL: 0

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3, the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available.

References:
https://github.com/nextcloud/password_policy/pull/363
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9q4r-8qwr

CWE-261: Weak Encoding for Password
CWE-326: Inadequate Encryption Strength

CVSS: 2.1 • EPSS: 0% • CPEs: 14 • EXPL: 0

Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter.

References:
http://drupal.org/node/1401678
http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6
http://secunia.com/advisories/47541
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/51385

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')