25 matches found
Nextcloud: BOLA/IDOR in Out-of-Office API allows any authenticated user to read other users' absence data
Summary The Out-of-Office OOO API endpoints at /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId and /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId/now suffer from a Broken Object Level Authorization BOLA vulnerability. Any authenticated user can retrieve the out-of-office data of any other user by...
EUVD-2021-31687
Malicious code in bioql PyPI...
EUVD-2024-31556
Malicious code in bioql PyPI...
CVE-2025-45938
Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting XSS via the Jira fullName parameter...
CVE-2025-45938
Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting XSS via the Jira fullName parameter...
Akeles Out of Office Assistant for Jira 安全漏洞
Akeles Out of Office Assistant for Jira is an application from Akeles Singapore for the Jira platform. A security vulnerability exists in Akeles Out of Office Assistant for Jira version 4.0.1, which originates from the Jira fullName parameter and is susceptible to cross-site scripting attacks...
CVE-2025-45938
Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting XSS via the Jira fullName parameter...
CVE-2025-45938
The CVE-2025-45938 vulnerability affects Akeles Out of Office Assistant for Jira 4.0.1. The issue is a Cross-Site Scripting (XSS) flaw triggered via the Jira fullName parameter. Documented impact is limited to XSS; no exploitation details are provided in the sources. A remediation note from PT Se...
CVE-2025-45938
Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting XSS via the Jira fullName parameter...
PT-2025-27806 · Akeles +1 · Akeles Out Of Office Assistant For Jira +1
Name of the Vulnerable Software and Affected Versions: Akeles Out of Office Assistant for Jira version 4.0.1 Description: The issue is related to Cross Site Scripting XSS via the Jira fullName parameter. This allows for potential malicious script execution. No information is provided about the...
CVE-2021-44886
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...
CVE-2024-33849
ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key...
CVE-2024-33849
ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key...
CVE-2024-33849
ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key...
CI solution CI-Out-of-Office Manager 安全漏洞
CI solution CI-Out-of-Office Manager is a tool from CI solution for managing employee leave and out-of-office status. The solution is designed to streamline and automate the leave request, approval, and recording process to improve management efficiency in your organization. A security...
Mattermost: DoS via Automatic Response Message
Summary: A user can enable and modify its automatic response message, that is automatically sent when the user has the "Out of Office" status. This response message doesn't have any size check or validation, which allows an attacker to set an almost unlimited number of characters as the response...
Zammad has an unspecified vulnerability (CNVD-2022-22302)
Zammad is a suite of ticket management software from the German company Zammad. a security vulnerability exists in Zammad, which stems from the ability of agents to configure out of office periods and substitutes. If substitutes do not have the same privileges as the original agent, they may...
CVE-2021-44886
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...
CVE-2021-44886
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...
CVE-2021-44886
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...