Apple iPhone Input Validation Error Vulnerability
The Apple iPhone is a smartphone from the American company Apple. The Apple iPhone suffers from an input validation error vulnerability that stems from maliciously crafted calendar invitations that may disclose user information...
Social Invitations Plugin for WordPress < 1.4.4.3 Cross-Site Scripting
The WordPress Social Invitations Plugin installed on the remote host is affected by a cross-site scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the fact that users who have withdrawn their invitations can be added as participants...
CVE-2022-39356 Discourse user account takeover via email and invite link
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is...
Patrik Dufresne Rdiffweb user redirection vulnerability
Patrik Dufresne Rdiffweb is a web application from the independent developer Patrik Dufresne, USA. Patrik Dufresne Rdiffweb is vulnerable to a user redirection vulnerability, which stems from the fact that the system does not properly handle redirect targets and can be exploited to inject malicious...
Rdiffweb Input Validation Error Vulnerability
Patrik Dufresne Rdiffweb is a web application from the independent developer Patrik Dufresne, USA. Patrik Dufresne Rdiffweb is vulnerable to a user redirection vulnerability, which stems from the fact that the system does not properly handle redirect targets and can be exploited to inject malicious...
Hyperlink injection leads to redirect victim to malicious website
Description: Hyperlink injection is when an attacker injects a malicious link into an email invitation that the application sends on their behalf. Proof of Concept: 1. Go to https://rdiffweb-dev.ikus-soft.com/prefs/general 2. Set your full name to "Your account has been hacked please visit evil.com" 3. Save changes 4. Perform any activi...
CVE-2022-37458
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate...
Design/Logic Flaw
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate...
CVE-2022-37458
CVE-2022-37458 affects Discourse up to version 2.8.7, where admins can invite arbitrary email addresses at an unlimited rate. Public sources describe the issue as a rate-limiting (invitation flooding) vulnerability in Discourse 2.8.x. The NVD entry lists CVSS 3.1 base metrics: AV:N, AC:L, PR:H, UI...
PT-2022-24011 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.8 Description: The issue allows administrators to send invitations to arbitrary email addresses at an unlimited rate. Recommendations: For versions prior to 2.8.8, update to version 2.8.8 or later to resolve th...
GitLab CE/EE Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability in GitLab CE/EE all versions prior to 15.0.5, all...
Cross-site Scripting (XSS) - Stored in Space Name
Description: Cross-site scripting (XSS), stored in the space name. Because the space name is not HTML encoded, when the "Confirm action" modal pops up the script is executed. Proof of Concept: Step 1: Create a new Space and fill in the name with this payload: "alert1. Step 2: Send an invite to the victim, then save. Ste...
Discourse Security Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in versions prior to Discourse 2.8.4, which stems from the fact that inviting users to a site using single sign-on can bypass the...
PT-2022-2799 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 11.10 through 14.9.5 GitLab Enterprise Edition versions 14.10 through 14.10.4 GitLab Enterprise Edition versions 15.0 through 15.0.1 Description: The issue is related to the SCIM feature in GitLab, which can...
GHSA-JXC4-W54C-QV5R Mattermost Server uses weak hashing for OAuth, email verification tokens and invitations
An issue was discovered in Mattermost Server before 3.8.2 and 3.7.5. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...
Mattermost Server uses weak hashing for OAuth, email verification tokens and invitations
An issue was discovered in Mattermost Server before 3.8.2 and 3.7.5. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...
CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users...
CVE-2022-23068
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection, where an attacker can inject malicious code into the first name and last name fields while inviting a new user, which is then reflected in the invitation e-mail...