Lucene search
+L

153 matches found

redhatcve
redhatcve
added 2025/05/23 8:46 a.m.12 views

CVE-2024-3406

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.7AI score0.00347EPSS
Exploits2References1
cnnvd
cnnvd
added 2025/04/17 12:0 a.m.3 views

Seo Panel 安全漏洞

Seo Panel is a free search engine optimization software from Seo Panel Open Source. A security vulnerability exists in Seo Panel version 4.11.0, which stems from mishandling of the email settings component and could allow a remote attacker to obtain sensitive information...

7.6CVSS6.5AI score0.00377EPSS
Exploits1References1
veracode
veracode
added 2025/04/11 3:25 a.m.4 views

Server Side Request Forgery (SSRF)

shopxo/shopxo is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs in the Email Settings feature, allows attackers to manipulate the server into making arbitrary requests to internal or external resources...

6.3CVSS7.1AI score0.00265EPSS
Exploits1References3Affected Software1
redhatcve
redhatcve
added 2025/03/30 1:6 a.m.27 views

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...

6.3CVSS7.2AI score0.00265EPSS
Exploits1References1
snyk
snyk
added 2025/03/29 12:31 a.m.3 views

Server-side Request Forgery (SSRF)

Overview shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Email Settings. An attacker can manipulate the server into making requests to unintended locations by sending crafted inputs to the affected settings...

6.3CVSS7AI score0.00265EPSS
Exploits1References2
osv
osv
added 2025/03/29 12:31 a.m.10 views

GHSA-GFHV-5RQH-7QX3 ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...

6.3CVSS7.1AI score0.00265EPSS
Exploits1References3
github
github
added 2025/03/29 12:31 a.m.19 views

ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...

6.3CVSS7.1AI score0.00265EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2025/03/28 10:15 p.m.27 views

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...

6.3CVSS0.00265EPSS
Exploits1References1
cve
cve
added 2025/03/28 12:0 a.m.79 views

CVE-2025-28093

ShopXO CVE-2025-28093 affects ShopXO v6.4.0 with a Server-Side Request Forgery (SSRF) in the Email Settings feature. Exploitation arises from insufficient validation of user-supplied URLs, enabling the server to initiate arbitrary outbound requests to internal or external resources. The CVSSv3.1 ...

6.3CVSS7.1AI score0.00265EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/03/28 12:0 a.m.6 views

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...

6.9AI score0.00265EPSS
Exploits1References1
cvelist
cvelist
added 2025/03/28 12:0 a.m.28 views

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...

0.00265EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/03/28 12:0 a.m.6 views

PT-2025-13589 · Shopxo · Shopxo

Name of the Vulnerable Software and Affected Versions: ShopXO version 6.4.0 Description: The issue is related to Server-Side Request Forgery SSRF in the Email Settings. This means an attacker could potentially forge requests from the server, leading to unauthorized access to internal systems or...

6.3CVSS6.1AI score0.00265EPSS
Exploits1References10
osv
osv
added 2025/03/28 12:0 a.m.9 views

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...

6.3CVSS6.7AI score0.00265EPSS
Exploits1References3
cnnvd
cnnvd
added 2025/03/28 12:0 a.m.3 views

ShopXO 安全漏洞

ShopXO is an open source enterprise-grade open source e-commerce system from ShopXO Inc. A security vulnerability exists in ShopXO version v6.4.0, which originates from server-side request forgery in email settings...

6.3CVSS6.6AI score0.00265EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/22 12:36 a.m.9 views

CVE-2023-51314

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

7.5CVSS6.7AI score0.00679EPSS
Exploits2References4
redhatcve
redhatcve
added 2025/02/22 12:35 a.m.9 views

CVE-2023-51309

A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

4.3CVSS6.7AI score0.00461EPSS
Exploits2References4
redhatcve
redhatcve
added 2025/02/22 12:35 a.m.10 views

CVE-2023-51310

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

4.3CVSS6.7AI score0.00461EPSS
Exploits2References4
redhatcve
redhatcve
added 2025/02/21 12:26 a.m.13 views

CVE-2023-51297

A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

6.5CVSS6.7AI score0.00504EPSS
Exploits2References4
redhatcve
redhatcve
added 2025/02/21 12:26 a.m.16 views

CVE-2023-51293

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

7.5CVSS6.7AI score0.00679EPSS
Exploits2References5
osv
osv
added 2025/02/20 3:15 p.m.5 views

CVE-2023-51310

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

4.3CVSS5.8AI score0.00461EPSS
Exploits2References3
Rows per page
Query Builder