Reflective HTML Injection vulnerability

Introduction

  • CVSS Score: 4.0 (Medium)
  • CVE: In progress
  • Vulnerability Type: HTML Injection
  • Product affected: Passbolt API
  • Versions affected: Passbolt API <= v4.6.1
  • Version fixed: Passbolt API v4.6.2
  • Affected component: Error pages

Vulnerability details

Impact analysis

Root cause analysis

Mitigation and remediations

Acknowledgments

Timeline of events

  • 2024-04-10: Vulnerability reported by security researcher
  • 2024-04-10: Vulnerability analysis and acknowledgement to security researcher
  • 2024-04-11: A fix is published as part of passbolt API v4.6.2
  • 2024-04-16: CVE requested and incident page published

Current status:

1. Try first to reproduce the issue.
2. Acknowledge to the reporter.
3. Get a fix/patch prepared.
4. Release new version.
5. Prepare a report about the issue.
6. Feature the problem in an incident page.
Last updated: 2017-09-17 09:00:00 CET
Passbolt Security Incident Report: vulnerability - April 17th, 2024