GHSA-p85q-mww9-gwqf: Citizen Short Description stored XSS vulnerability through wikitext

GHSA-prmv-7r8c-794g: Citizen vulnerable to Stored XSS through short descriptions

GHSA-67rr-84xm-4c7r: Next.JS vulnerability can lead to DoS via cache poisoning 

GHSA-r2fc-ccr8-96c4: Next.js has a Cache poisoning vulnerability due to omission of the Vary header

GHSA-rq6g-6g94-jfr4: starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions

### Impact
Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`, which send emails to users if they have lost their password or MFA token. Usernames can be found by assessing response time differences, and additionally, they can be found because the endpoint gives a response "Failed to login" if the username exists.

### Patches
No

### Workarounds
No

**vantage6 vulnerable to a username timing attack on recover password/MFA token**

Moderate severity GitHub Reviewed Published Mar 14, 2024 in vantage6/vantage6 • Updated Mar 15, 2024

Headline

GHSA-5h3x-6gwf-73jm: vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact

Patches

Workarounds

ghsa: Latest News