Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs SQL query with LIKE expression without escaping the SQL LIKE wildcar...

CVE-2025-53857

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...

CVE-2025-53857 Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...

CVE-2025-53857 Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...

PT-2025-1476 · Unknown · Selesta Visual Access Manager

The software that is vulnerable is Selesta Visual Access Manager, specifically versions less than 4.42.2. The vulnerability is a Cross Site Scripting XSS vulnerability that can be exploited via the /common/autocomplete.php file. This vulnerability has been assigned the CVE identifier...