CVE-2024-34354

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-345
View all →

Vulnerability Description

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 into your fork.

Related Vulnerabilities

CVE-2019-17228

MEDIUM
CVSS:6.5(Medium)

includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.

CWE-3452019

CVE-2019-5587

MEDIUM
CVSS:6.5(Medium)

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassemblin...

CWE-3452019

CVE-2019-8921

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick...

CWE-3452019

CVE-2020-10137

MEDIUM
CVSS:6.5(Medium)

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE...

CWE-3452020

CVE-2020-9230

MEDIUM
CVSS:6.5(Medium)

WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of specific message, an attacker may exploit this vulnerability to cause specific function to become abn...

CWE-3452020

CVE-2021-22339

MEDIUM
CVSS:6.5(Medium)

There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. S...

CWE-3452021