CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1143
https://notcve.org/view.php?id=CVE-2024-1143
Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. Las versiones de Central Dogma anteriores a la 0.64.0 son vulnerables a Cross-Site Scripting (XSS), lo que podría permitir la fuga de sesiones de usuario y la posterior omisión de autenticación. • https://github.com/line/centraldogma/security/advisories/GHSA-34q3-p352-c7q8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38388
https://notcve.org/view.php?id=CVE-2021-38388
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project. Central Dogma permite una escalada de privilegios con mirroring al repositorio interno de dogma que presenta un archivo que administra la autorización del proyecto • https://github.com/line/centraldogma/pull/621 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6002
https://notcve.org/view.php?id=CVE-2019-6002
Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en Central Dogma versiones 0.17.0 hasta 0.40.1, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • http://jvn.jp/en/jp/JVN94889214/index.html https://github.com/line/centraldogma/releases/tag/centraldogma-0.41.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •