216 matches found
CVE-2025-26559
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Secure Invites wordpress-mu-secure-invites allows Reflected XSS.This issue affects Secure Invites: from n/a through = 1.3...
CVE-2025-26559
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Secure Invites wordpress-mu-secure-invites allows Reflected XSS.This issue affects Secure Invites: from n/a through = 1.3...
CVE-2025-26559
CVE-2025-26559 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Secure Invites plugin. The CVE references NotFound Secure Invites and indicates an impact on Secure Invites versions up to 1.3. Connected documents specify a WordPress plugin context (Secure Invites) and list ...
CVE-2025-26559 WordPress Secure Invites plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Secure Invites wordpress-mu-secure-invites allows Reflected XSS.This issue affects Secure Invites: from n/a through = 1.3...
WordPress plugin Secure Invites 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Secure Invites plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Secure Invites versions = 1.3...
DRUPAL-CONTRIB-2025-015
Open Social is a Drupal distribution for online communities, which ships with a default module to invite users to groups and events. Invites for a specific user can be seen under certain conditions. The issue is mitigated for events by the fact that social\event\max\enroll has to be enabled...
Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015
Open Social is a Drupal distribution for online communities, which ships with a default module to invite users to groups and events. Invites for a specific user can be seen under certain conditions. The issue is mitigated for events by the fact that socialeventmaxenroll has to be enabled...
CVE-2024-0404
A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...
PT-2025-4490 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.0 through 9.11.5 Description: The issue is related to the failure of Mattermost to enforce invite permissions. This allows team admins, who do not have permission to invite users to their team, to invite users by maki...
Google Calendar Phishing Scam Targets Users with Malicious Invites
Protect yourself from sophisticated phishing attacks that leverage Google Calendar to steal your personal information...
Improper Input Validation
Synapse is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of invites received over federation, allowing a malicious server to send crafted invites that disrupt the affected user's ability to perform /sync operations...
SUSE CVE-2024-52815
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...
DEBIAN-CVE-2024-52815
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...
UBUNTU-CVE-2024-52815
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...
PT-2024-35463 · Synapse · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.120.1 Description: Synapse is an open-source Matrix homeserver. The issue arises from the failure to properly validate invites received over federation, allowing a malicious server to send a specially crafted invit...
GO-2024-3240 Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
Grafana org admin can delete pending invites in different org in github.com/grafana/grafana...
BIT-GRAFANA-2024-10452
Organization admins can delete pending invites created in an organization they are not part of...
SUSE CVE-2024-10452
Organization admins can delete pending invites created in an organization they are not part of...
Grafana org admin can delete pending invites in different org
Organization admins can delete pending invites created in an organization they are not part of...