749 matches found
CVE-2025-49583
XWiki (platform) vulnerability CVE-2025-49583 involves a user without script-right creating a document containing an XWiki.Notifications.Code.NotificationEmailRendererClass object. When an admin later edits and saves that document, the email templates in this object are used for notifications. Th...
CVE-2024-25151
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...
CVE-2023-50456
An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name...
CVE-2023-32659
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications...
CVE-2021-36403
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk...
CVE-2019-11544
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository...
q2apro-on-site-notifications 代码注入漏洞
q2apro-on-site-notifications is a plugin for q2apro individual developers that replaces all email notifications for forums. A code injection vulnerability exists in q2apro-on-site-notifications version 1.4.6 and earlier, which stems from improper handling of the processrequest function in the fil...
CVE-2025-26741
Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through = 1.1.6...
CVE-2025-26741
Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through = 1.1.6...
CVE-2025-26741
CVE-2025-26741 concerns the WordPress plugin Email Notifications for Updates (also reflected as AWEOS GmbH Email Notifications for Updates) page up to version 1.1.6. The connected documents confirm a Missing Authorization vulnerability that allows privilege escalation, with CVSSv3.1 baseline metr...
CVE-2025-26741 WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability
Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through = 1.1.6...
PT-2025-16312 · Aweos Gmbh · Aweos Gmbh Email Notifications For Updates
Name of the Vulnerable Software and Affected Versions: AWEOS GmbH Email Notifications for Updates versions 1.1.6 and earlier Description: The issue is related to a Missing Authorization vulnerability that allows Privilege Escalation in AWEOS GmbH Email Notifications for Updates. Recommendations:...
CVE-2025-32426
Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would requir...
CVE-2025-32426
CVE-2025-32426 affects the Formie Craft CMS form plugin. The issue is an HTML injection (XSS) vulnerability in the HTML content of email notification previews, exploitable only if an attacker can modify the form’s email notification settings. The root cause is insufficient sanitization in the ema...
CVE-2025-2933 Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awunimportsettings function in all versions up to, and including, 1.1.6. This makes it possible for...
CVE-2025-2933 Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awunimportsettings function in all versions up to, and including, 1.1.6. This makes it possible for...
PT-2025-15051 · WordPress · Email Notifications For Updates
Name of the Vulnerable Software and Affected Versions: Email Notifications for Updates plugin for WordPress versions up to, and including, 1.1.6 Description: The issue allows unauthorized modification of data, potentially leading to privilege escalation, due to a missing capability check on the...
CVE-2024-49782
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...
CVE-2024-49337
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...
CVE-2024-49337 IBM OpenPages HTML injection
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...