21 matches found
CVE-2023-40648
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
EUVD-2011-1081
Malware in sbrugna...
EUVD-2024-45381
Malicious code in bioql PyPI...
CVE-2025-22926
CVE-2025-22926 affects OS4ED openSIS versions 8.0–9.1. The issue is a directory traversal vulnerability triggered by a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename, allowing traversal outside the intended directory. Affects file- or path-based access as d...
CVE-2024-51518
Vulnerability of message types not being verified in the advanced messaging module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2024-51518
Huawei HarmonyOS is affected by CVE-2024-51518 in the Advanced Messaging Module (also referenced as Enhanced Messages in related entries). The root cause is that message types are not verified within the module, which can impact availability if exploited. Affected component: Advanced Me...
PT-2024-34681 · Unknown · Advanced Messaging Module
Name of the Vulnerable Software and Affected Versions: Advanced Messaging Module (affected versions not specified). Description: The issue concerns the verification of message types in the advanced messaging module. Successful exploitation may affect availability. Recommendations: At the moment, the...
CVE-2023-40649
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
CVE-2023-40643
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
vtenext cross-site scripting vulnerability
vtenext is a unique open source CRM + BPM solution for comprehensive management of leads, contacts and customers. A cross-site scripting vulnerability exists in the Messaging module of vtenext version 19 CE. The vulnerability can be exploited to inject arbitrary JavaScript code via the "From" fie...
spring-framework: ReDoS Attack with spring-messaging
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
Denial of Service in org.springframework:spring-core
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
SQL Injection Vulnerability in the Messaging Module of SMiCMS School Group System
State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. An SQL injection vulnerability exists in the station message module of the State Micro CMS school station group system. Attackers can use the...
Remote Code Execution Vulnerability in Spring Framework spring-messaging Module
Spring Framework is an open source Java and Java EE application framework from the US company Pivotal Software. The framework helps developers build high-quality applications. A remote code execution vulnerability exists in the Spring Framework spring-messaging module. An attacker can exploit t...
CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
UBUNTU-CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
CVE-2011-1066
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with "administer messaging" permissions to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-1066
CVE-2011-1066 is an XSS vulnerability in Drupal’s Messaging module (6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8). Exploitation requires an attacker with administer messaging permissions and can inject arbitrary web script or HTML via unspecified vectors. The provided documents do not ...
SA-CONTRIB-2011-010 - Messaging - Cross Site Scripting
The Messaging module is a framework that allows message sending in a channel-independent way. It provides a common API for message composition and sending while allowing plug-ins for multiple messaging methods. The module does not sanitize some of the user-supplied data before displaying it, leading...