[MEDIUM] Passbolt API allows HTML injection

PKSA-4hqs-vns9-d96n CVE-2024-33670 GHSA-2pg6-vw9c-qhjv

Affected version: <4.6.2

Reported by:
GitHub

Stored XSS on first/last name during setup

PKSA-vmyb-x3zz-fp3q

Affected version: <2.11.0

Reported by:
FriendsOfPHP/security-advisories

Tabnabbing when opening URI with menu "Open URI in a new tab"

PKSA-kr8c-3bqr-5ndv

Affected version: <2.11.0

Reported by:
FriendsOfPHP/security-advisories

Stored XSS in tags autocomplete dropdown

PKSA-wn13-bzpm-z2gp

Affected version: <2.11.0

Reported by:
FriendsOfPHP/security-advisories

E-mail HTML injection

PKSA-h8s8-nr9j-3cdp

Affected version: <2.7.0

Reported by:
FriendsOfPHP/security-advisories

Retrieval of HTTP-only cookies

PKSA-8vc7-g66q-cvn9

Affected version: <2.7.0

Reported by:
FriendsOfPHP/security-advisories

Remote code execution

PKSA-gk48-ycyg-4qfm

Affected version: <2.7.0

Reported by:
FriendsOfPHP/security-advisories