Shynet
Monthly
Cross-site scripting (XSS) in Shynet before version 0.14.0 allows unauthenticated remote attackers to inject arbitrary scripts through the urldisplay and iconify template filters, potentially compromising user sessions and data integrity with medium attack complexity and cross-site scope. The vulnerability affects the analytics platform's template rendering layer and has been patched in version 0.14.0 with no confirmed active exploitation reported.
Host header injection in Shynet before 0.14.0 allows unauthenticated remote attackers to manipulate password reset functionality through crafted HTTP Host headers, enabling account hijacking and unauthorized access via email-based password reset flows. The vulnerability requires user interaction (clicking a reset link) and carries a CVSS score of 6.4 with confirmed patch availability in version 0.14.0.
Cross-site scripting (XSS) in Shynet before version 0.14.0 allows unauthenticated remote attackers to inject arbitrary scripts through the urldisplay and iconify template filters, potentially compromising user sessions and data integrity with medium attack complexity and cross-site scope. The vulnerability affects the analytics platform's template rendering layer and has been patched in version 0.14.0 with no confirmed active exploitation reported.
Host header injection in Shynet before 0.14.0 allows unauthenticated remote attackers to manipulate password reset functionality through crafted HTTP Host headers, enabling account hijacking and unauthorized access via email-based password reset flows. The vulnerability requires user interaction (clicking a reset link) and carries a CVSS score of 6.4 with confirmed patch availability in version 0.14.0.