4 results (0.001 seconds)

CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1

01 Jun 2025 — A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Stolichnayer/mist-ce-open-redirect • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1

01 Jun 2025 — A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The manipulation of the argument tag leads to cross site scripting. The attack may be initiated remotely. • https://github.com/Stolichnayer/mist-ce-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1

01 Jun 2025 — A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. • https://github.com/Stolichnayer/mist-ce-csrf • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

01 Jun 2025 — A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. • https://github.com/Stolichnayer/mist-ce-account-takeover • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •