Lucene search
K

188 matches found

OSV
OSV
added 2023/03/20 4:15 p.m.14 views

CVE-2023-22288

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

5.4CVSS7.1AI score
Exploits0References1
Prion
Prion
added 2023/03/20 4:15 p.m.18 views

Hardcoded credentials

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

4.9CVSS5.5AI score0.00399EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/20 4:15 p.m.15 views

CVE-2023-22288

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

5.4CVSS6.1AI score0.00399EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/20 3:33 p.m.9 views

CVE-2023-22288 Email HTML Injection

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

4.1CVSS5.5AI score0.00399EPSS
Exploits0References1
CVE
CVE
added 2023/03/20 3:33 p.m.63 views

CVE-2023-22288

CVE-2023-22288 corresponds to an HTML Email Injection in Tribe29 CheckMK, affecting CheckMK versions <=2.1.0p23;

5.4CVSS4.8AI score0.00399EPSS
Exploits0References1Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.6 views

SUSE CVE-2018-11563

An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application...

4.9CVSS5.3AI score0.00816EPSS
Exploits0References3
Huntr
Huntr
added 2022/12/04 2:43 p.m.37 views

XSS Stored in Email

Description It was discovered that it is possible to inject a malicious payload into the email address field, resulting in a stored XSS vulnerability. Proof of Concept 1. Access to emails parameters /scp/emails.php 2. create an account with the following email address Payload...

4.9CVSS5.3AI score0.00514EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/11/29 3:30 a.m.6 views

CVE-2022-41676 TEAM JOHNLONG SOFTWARE CO., LTD. MAILD Mail Server - Cross-Site Scripting

Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS Reflected Cross-Site Scripting attack to the mail recipient...

5.4CVSS5.4AI score0.00429EPSS
Exploits0References1
CVE
CVE
added 2022/08/02 5:55 p.m.401 views

CVE-2022-35924

CVE-2022-35924 affects NextAuth.js EmailProvider in versions before 4.10.3 and 3.29.10. An attacker could forge a request with a comma-separated email list, causing the system to send emails to both attacker and victim, potentially bypassing authorization (e.g., email.endsWith checks) when loggin...

9.1CVSS9.3AI score0.01098EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2022/06/29 1:15 a.m.24 views

CVE-2022-29269

In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address...

6.5CVSS0.03053EPSS
Exploits0References4
Hacker One
Hacker One
added 2022/06/15 2:54 p.m.18 views

GitHub Security Lab: PYTHON: CWE-079 - Add query for email injection

This bug was reported directly to GitHub Security Lab...

1.2AI score
Exploits0
CVE
CVE
added 2022/06/14 8:50 p.m.96 views

CVE-2022-31049

CVE-2022-31049 – TYPO3 Frontend Login Mailer XSS is a cross‑site scripting vulnerability in TYPO3. Prior to TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user-submitted content was not properly encoded in HTML emails sent to users, with the actual affected components being mail clients that v...

5.4CVSS5.2AI score0.00717EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/04/20 7:15 p.m.21 views

CVE-2022-24864

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...

5.4CVSS0.00629EPSS
Exploits0References3
Prion
Prion
added 2022/04/20 7:15 p.m.16 views

Design/Logic Flaw

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...

3.5CVSS5.6AI score0.00629EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/04/20 6:25 p.m.25 views

CVE-2022-24864 Malicious Javascript injection in OriginProtocol/origin-website

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...

4.1CVSS5.8AI score0.00629EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/01/26 6:50 p.m.19 views

CVE-2021-46114

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKitdoSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code...

8.8AI score0.0169EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/01/26 3:15 p.m.20 views

CVE-2021-46117

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKitdoSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code...

7.6AI score0.03262EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/10/12 7:40 a.m.20 views

CVE-2021-42009 Apache Traffic Control Traffic Ops Email Injection Vulnerability

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address...

5AI score0.02734EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/10/12 12:0 a.m.16 views

WordPress Ninja Forms Plugin < 3.5.8 Multiple Vulnerabilities

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.5CVSS6.9AI score0.01122EPSS
Exploits4References2
Cvelist
Cvelist
added 2021/09/22 5:53 p.m.20 views

CVE-2021-34648 Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection

The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...

6.4CVSS6.5AI score0.00636EPSS
Exploits2References2
Rows per page
Query Builder