Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

login security project login security vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2013-2198
The Login Security module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3 for Drupal allows malicious users to bypass intended restrictions via a crafted username.
Login Security Project Login SecurityLogin Security Project Login Security 6.x-1.0Login Security Project Login Security 6.x-1.xLogin Security Project Login Security 7.x-1.x
5.8
CVSSv2
CVE-2021-32618
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects aft...
Flask-security Project Flask-security
NA
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows malicious users to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Flask-security-too Project Flask-security-too
4.3
CVSSv2
CVE-2021-21241
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before ver...
Flask-security-too Project Flask-security-too
5.8
CVSSv2
CVE-2022-25896
This affects the package passport prior to 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
Passport Project Passport
4.3
CVSSv2
CVE-2013-6452
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via crafted XSL in an SVG file.
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.7Mediawiki MediawikiMediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.5
7.5
CVSSv2
CVE-2013-6453
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 does not properly sanitize SVG files, which allows remote malicious users to have unspecified impact via invalid XML.
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.7Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki
4.3
CVSSv2
CVE-2013-6454
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via a -o-link attribute.
Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.7Mediawiki MediawikiMediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.4
5
CVSSv2
CVE-2013-6472
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.7Mediawiki MediawikiMediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.2
4.3
CVSSv2
CVE-2019-10214
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne...
Buildah Project Buildah -Libpod Project Libpod -Redhat Openshift Container Platform 4.1Skopeo Project Skopeo -Redhat Enterprise Linux 8.0Opensuse Leap 15.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook