99 matches found

CVE
added 2021/03/26 8:0 p.m. · 122 views

CVE-2021-21333

CVE-2021-21333 affects Synapse (matrix-synapse) before version 1.27.0. The notification emails for missed messages and for expiring accounts are subject to HTML injection, enabling an attacker to forge email content in the missed-messages notification. The account-expiry feature is not enabled by...

CVSS 6.1 · AI score 6.6 · EPSS 0.01392
Exploits 0 · References 5 · Affected Software 1
Debian CVE
added 2021/03/26 8:0 p.m. · 26 views

CVE-2021-21333

Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject...

CVSS 6.1 · AI score 6.4 · EPSS 0.01392
Exploits 0
Positive Technologies
added 2021/02/24 12:0 a.m. · 3 views

PT-2021-14428 · Synapse +1 · Synapse +1

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.27.0 Description: The notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow a...

CVSS 8.2 · AI score 6.8 · EPSS 0.02363
Exploits 0 · References 24
Positive Technologies
added 2020/06/19 12:0 a.m. · 4 views

PT-2020-13417 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 13.0.1 Description: The issue allows a user to set an email as a notification email without verifying the new email. Recommendations: For versions prior to 13.0.1, update to version 13.0.1 or later to resolve th...

CVSS 7.4 · AI score 5.5 · EPSS 0.00674
Exploits 0 · References 10
GitHub Security Blog
added 2020/05/08 9:0 p.m. · 160 views

Potential Code Injection in Sprout Forms

Impact: A potential Server-Side Template Injection vulnerability exists in Sprout Forms which could lead to the execution of Twig code. Patches: The problem is fixed in barrelstrength/sprout-forms:v3.9.0, which upgrades to barrelstrength/sprout-base-email:v1.2.7. Workarounds: Users unable to upgrade...

CVSS 7.4 · AI score 1.1 · EPSS 0.01029
Exploits 0 · References 5 · Affected Software 2
OSV
added 2020/05/08 9:0 p.m. · 17 views

GHSA-PX8V-HXXX-2RGH Potential Code Injection in Sprout Forms

Impact: A potential Server-Side Template Injection vulnerability exists in Sprout Forms which could lead to the execution of Twig code. Patches: The problem is fixed in barrelstrength/sprout-forms:v3.9.0, which upgrades to barrelstrength/sprout-base-email:v1.2.7. Workarounds: Users unable to upgrade...

CVSS 7.4 · AI score 6.8 · EPSS 0.01029
Exploits 0 · References 4
NVD
added 2020/05/07 9:15 p.m. · 13 views

CVE-2020-11056

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...

CVSS 7.4 · AI score 7.5 · EPSS 0.01029
Exploits 0 · References 2
OSV
added 2020/05/07 9:15 p.m. · 14 views

CVE-2020-11056

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...

CVSS 6.3 · AI score 6.5
Exploits 0 · References 2
Prion
added 2020/05/07 9:15 p.m. · 14 views

Template injection

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...

CVSS 6.5 · AI score 6.5 · EPSS 0.01029
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/05/07 8:50 p.m. · 19 views

CVE-2020-11056 Potential Code Injection in Sprout Forms

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...

CVSS 7.4 · AI score 7.5 · EPSS 0.01029
Exploits 0 · References 2
NVD
added 2019/05/17 4:29 p.m. · 21 views

CVE-2019-6781

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails...

CVSS 7.5 · AI score 7.2 · EPSS 0.01185
Exploits 0 · References 2
OSV
added 2019/05/17 4:29 p.m. · 23 views

CVE-2019-6781

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails...

CVSS 7.5 · AI score 6.4
Exploits 0 · References 2
UbuntuCve
added 2019/05/17 4:29 p.m. · 22 views

CVE-2019-6781

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails...

CVSS 7.5 · AI score 7.1 · EPSS 0.01185
Exploits 0 · References 2
Prion
added 2019/05/17 4:29 p.m. · 18 views

Input validation

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails...

CVSS 5 · AI score 7.3 · EPSS 0.01185
Exploits 0 · References 2
OSV
added 2019/05/17 4:29 p.m. · 7 views

UBUNTU-CVE-2019-6781

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails...

CVSS 7.5 · AI score 7.1 · EPSS 0.01185
Exploits 0 · References 3
Cvelist
added 2019/05/17 3:42 p.m. · 25 views

CVE-2019-6781

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails...

AI score 7.7 · EPSS 0.01185
Exploits 0 · References 2
ThreatPost
added 2014/08/19 1:0 p.m. · 14 views

Facebook Says 95 Percent of Notification Email Encrypted

All that’s missing from the organic encrypt the web movement seems to be a hashtag. Otherwise, no one can accuse major web providers of slacking as leading players such as Microsoft and Yahoo, prompted by the Snowden leaks, have made noteworthy leaps in the last 15 months to encrypt everything fr...

AI score 0.2
Exploits 0 · References 8
securityvulns
added 2007/03/02 12:0 a.m. · 41 views

MOPB-03-2007:PHP Variable Destructor Deep Recursion Stack Overflow

Summary The last vulnerability for today is similar to the second one. This time the bug is however a deep recursion bug in the Zend Engine variable destruction. User input is parsed in an iterative way which allows the creation of very deeply nested array structures from user input. However when...

AI score 0.8
Exploits 0
Cvelist
added 2001/07/27 4:0 a.m. · 19 views

CVE-2001-0623

sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges...

AI score 6.4 · EPSS 0.00802
Exploits 0 · References 3