MidnightBSD

Advisories for pantsel

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
pantsel konga 0.14.9
CVE-2024-34243

Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter.

Products Affected

Vendor Product Version
pantsel konga 0.14.9