283 matches found
CVE-2025-53902
Tuleap exposes confidential artifact information to unauthorized users via email notifications. CVE-2025-53902 affects Tuleap Community Edition <16.9.99.1752585665 and Tuleap Enterprise Edition <16.8-6 and
CVE-2024-46988
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to...
CVE-2021-2404
Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway product of Oracle PeopleSoft component: e-mail notification. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVE-2020-25121
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options...
CVE-2019-5471
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...
CVE-2010-4760
Open Ticket Request System OTRS before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket...
CVE-2025-47622
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in apasionados Email Notification on Login email-notification-on-login allows Stored XSS.This issue affects Email Notification on Login: from n/a through = 1.7.0...
CVE-2025-47622
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in apasionados Email Notification on Login email-notification-on-login allows Stored XSS.This issue affects Email Notification on Login: from n/a through = 1.7.0...
WordPress Email Notification on Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Email Notification on Login versions = 1.7.0...
CVE-2025-47622 WordPress Email Notification on Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in apasionados Email Notification on Login email-notification-on-login allows Stored XSS.This issue affects Email Notification on Login: from n/a through = 1.7.0...
CVE-2025-47622 WordPress Email Notification on Login <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in apasionados Email Notification on Login allows Stored XSS. This issue affects Email Notification on Login: from n/a through 1.6.1...
CVE-2025-47622
CVE-2025-47622 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin Email Notification on Login (listed as apostar…apasionados?) with exposure from version n/a to 1.6.1 . The description and connected sources confirm that input is improperly neutralized during web p...
PT-2025-20188 · Unknown · Apasionados Email Notification On Login
Name of the Vulnerable Software and Affected Versions: apasionados Email Notification on Login versions n/a through 1.6.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that ...
HTML Injection
verbb/formie is vulnerable to HTML injection. The vulnerability is due to insufficient sanitization of HTML content in the email notification preview feature, allows an attacker to inject malicious HTML content into the email notification preview...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Real Time Action and Base Module affected by multiple vulnerabilities (CVE-2023-46219, CVE-2023-46218, CVE-2023-52071, CVE-2024-0853)
Summary Vulnerabilities contained within libcurl a 3rd party component were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Realtime Action and Base Modules. Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote...
CVE-2025-32426
Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would requir...
GHSA-2XM2-23FF-P8WW Formie has XSS vulnerability for email notification content for preview
Impact It is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would require access to the form's email notification settings. Patches This ha...
Formie has XSS vulnerability for email notification content for preview
Impact It is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would require access to the form's email notification settings. Patches This ha...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML content of email notification settings. An attacker can inject malicious scripts by crafting malicious inputs that are rendered in the preview mode. Note: This is only exploitable if the attacker ha...
CVE-2025-32426 Formie has a XSS vulnerability for email notification content for preview
Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would requir...