CVE-2025-63783
- EPSS 0.08%
- Published 07.11.2025 00:00:00
- Last modified 05.02.2026 16:25:17
A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or...
CVE-2025-63784
- EPSS 0.16%
- Published 07.11.2025 00:00:00
- Last modified 08.12.2025 16:07:14
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header va...
CVE-2025-63785
- EPSS 0.09%
- Published 07.11.2025 00:00:00
- Last modified 08.12.2025 16:06:30
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM v...