10 matches found
CVE-2026-7457
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...
PT-2026-37353
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters first name, last name, phone, notes bypass...
CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...
CVE-2024-52292 Craft Allows Attackers to Read Arbitrary System Files
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...
CVE-2024-52292
CVE-2024-52292 affects Craft CMS. The dataUrl function can exfiltrate the contents of arbitrary server files when an attacker has write permissions on system notification templates and can trigger a system email. By embedding a path to a sensitive file, the Base64-encoded content is sent via an e...
CVE-2018-15511
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML...
CVE-2018-15511
CVE-2018-15511 – totemomail 6.0.0 build 570 suffers a cross-site scripting (XSS) vulnerability in the Notification template feature. The description confirms an attacker can inject arbitrary web script or HTML via this feature. Connected sources (NVD/NVD-derived records, PRION/CVE lists, and EUVD...