
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Apr 2024 — An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user. • https://blog.quarkslab.com/passbolt-a-bold-use-of-haveibeenpwned.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Apr 2024 — Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page. • https://help.passbolt.com/incidents/reflective-html-injection-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 Jan 2018 — Passbolt API versions 1.6.4 and older are vulnerable to XSS in the URL field on the password workspace. • https://www.passbolt.com/incidents/20170914_xss_on_resource_urls • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')