1115 matches found

OSV
added 2024/08/30 5:18 p.m. · 8 views

GO-2024-3090 Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server

Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server...

CVSS 2.7 · AI score 3.3 · EPSS 0.00098
Exploits 0 · References 3

GitHub Security Blog
added 2024/08/22 6:31 p.m. · 13 views

Mattermost allows team admin user without "Add Team Members" permission to disable invite URL

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL...

CVSS 2.7 · AI score 6.7 · EPSS 0.00098
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/08/22 6:31 p.m. · 8 views

GHSA-3J95-8G47-FPWH Mattermost allows team admin user without "Add Team Members" permission to disable invite URL

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL...

CVSS 5.1 · AI score 3.2 · EPSS 0.00098
Exploits 0 · References 3

OSV
added 2024/08/22 4:15 p.m. · 7 views

CVE-2024-40884

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL...

CVSS 2.7 · AI score 7
Exploits 0 · References 1

NVD
added 2024/08/22 4:15 p.m. · 7 views

CVE-2024-40884

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL...

CVSS 2.7 · EPSS 0.00098
Exploits 0 · References 1

Cvelist
added 2024/08/22 3:17 p.m. · 12 views

CVE-2024-40884 Unauthorized disabling of invite URL

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL...

CVSS 2.7 · EPSS 0.00098
Exploits 0 · References 1

CVE
added 2024/08/22 3:17 p.m. · 41 views

CVE-2024-40884

Mattermost Server 9.5.x (up to 9.5.7) and 9.10.x (up to 9.10.0) are affected by an improper access control issue that allows a team admin user without the Add Team Members permission to disable the invite URL. The issue is caused by insufficient enforcement of permissions (no explicit access cont...

CVSS 2.7 · AI score 6.8 · EPSS 0.00098
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/08/22 3:17 p.m. · 11 views

CVE-2024-40884 Unauthorized disabling of invite URL

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL...

CVSS 2.7 · AI score 6.7 · EPSS 0.00098
Exploits 0 · References 1

Positive Technologies
added 2024/08/22 12:00 a.m. · 3 views

PT-2024-29128 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.7; Mattermost versions 9.10.x through 9.10.0. Description: The issue is related to improper permission enforcement, allowing a team admin user without the "Add Team Members" permission to disable the invite...

CVSS 5.1 · AI score 7 · EPSS 0.00098
Exploits 0 · References 12

NVD
added 2024/08/18 2:15 p.m. · 13 views

CVE-2024-43327

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS. This issue affects Invite Anyone: from n/a through 1.4.7...

CVSS 7.1 · EPSS 0.00275
Exploits 0 · References 1

OSV
added 2024/08/18 2:15 p.m. · 2 views

CVE-2024-43327

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS. This issue affects Invite Anyone: from n/a through 1.4.7...

CVSS 6.1 · AI score 5.8 · EPSS 0.00275
Exploits 0 · References 1

CVE
added 2024/08/18 1:43 p.m. · 50 views

CVE-2024-43327

CVE-2024-43327 refers to an issue in the WordPress plugin Invite Anyone where input is improperly neutralized during web page generation, enabling a reflected XSS. Affected: Invite Anyone (WordPress plugin) and versions up to 1.4.7. The vulnerability could allow an attacker to inject and execute ...

CVSS 7.1 · AI score 7 · EPSS 0.00275
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/08/18 1:43 p.m. · 15 views

CVE-2024-43327 WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS. This issue affects Invite Anyone: from n/a through 1.4.7...

CVSS 7.1 · EPSS 0.00275
Exploits 0 · References 1

Vulnrichment
added 2024/08/18 1:43 p.m. · 11 views

CVE-2024-43327 WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS. This issue affects Invite Anyone: from n/a through 1.4.7...

CVSS 7.1 · AI score 7 · EPSS 0.00275
Exploits 0 · References 1

CNNVD
added 2024/08/18 12:00 a.m. · 2 views

WordPress plugin Invite Anyone cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1 · AI score 6 · EPSS 0.00275
Exploits 0 · References 2

Patchstack
added 2024/08/16 12:49 p.m. · 2 views

WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin Invite Anyone (versions <= 1.4.7)...

CVSS 7.1 · AI score 6.1 · EPSS 0.00275
Exploits 0 · Affected Software 1

Patchstack
added 2024/08/16 12:00 a.m. · 12 views

WordPress Invite Anyone Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software: Invite Anyone; Type: Plugin; Vulnerable versions: <= 1.4.7; Fixed in: 1.4.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43327; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: e990de812727; Credits: Dimas Maulana; Required privilege...

CVSS 7.1 · AI score 6.6 · EPSS 0.00275
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/08/05 6:16 a.m. · 2 views

CVE-2024-2232

The lacks CSRF checks allowing a user to invite any user to any group including private groups...

CVSS 8.1 · AI score 5.8
Exploits 0 · References 1

Vulnrichment
added 2024/08/05 6:00 a.m. · 13 views

CVE-2024-2232 Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites

The lacks CSRF checks allowing a user to invite any user to any group including private groups...

AI score 6.9 · EPSS 0.0035
Exploits 1 · References 1

Cvelist
added 2024/08/05 6:00 a.m. · 19 views

CVE-2024-2232 Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites

The lacks CSRF checks allowing a user to invite any user to any group including private groups...

EPSS 0.0035
Exploits 1 · References 1