154 matches found
PT-2024-20938 · WordPress · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1 Description: The issue allows unauthorized access to data due to a missing capability check on the get uri editor function. This enables unauthenticated...
PT-2024-20908 · WordPress · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1 Description: The issue arises from a missing capability check on the ajax save permalink function, allowing authenticated attackers with author access or above...
Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to an information disclosure. The vulnerability is due to insufficient sanitization of the metadata on posts containing permalinks under specific conditions, allowing an authenticated user to access the contents of individual posts in channels...
GHSA-HWJF-4667-GQWX Mattermost allows attackers access to posts in channels they are not a member of
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...
CVE-2024-1952
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...
Design/Logic Flaw
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...
CVE-2024-1952
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...
PT-2024-18438 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.8 Mattermost versions 9.2.x through 9.2.4 Mattermost version 9.3.0 Description: The issue arises from the failure to sanitize metadata on posts containing permalinks under specific conditions. This allows...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 8.1.x up to and including 8.1.9, which stems from an inability to clean data associated with permalinks. An attacker exploiting the vulnerability...
PT-2024-18446 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.8 Description: The issue allows an authenticated attacker who can control the update of an ephemeral post to access individual posts' contents in channels they are not a member of. This is due to a failur...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 8.1.x through prior to 8.1.9, 9.2.x through prior to 9.2.5, and 9.3.0, which stems from an inability to clean up metadata on posts containing...
PT-2024-17246 · WordPress · The Wp Club Manager – Wordpress Sports Club Plugin
Name of the Vulnerable Software and Affected Versions: The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress versions up to, and including, 2.2.10 Description: The issue is related to a missing capability check on the settings save function, allowing unauthorized modification of...
Permalinks Customizer <= 2.8.2 - Reflected Cross-Site Scripting
Description The Permalinks Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2023-47773
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...
CVE-2023-47773
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...
CVE-2023-47773 WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...
CVE-2023-47773
CVE-2023-47773 : Reflected Cross-Site Scripting in the WordPress plugin Permalinks Customizer (YAS Global Team) versions
WordPress Plugin Permalinks Customizer Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-30600 · Unknown · Yas Global Team Permalinks Customizer
Name of the Vulnerable Software and Affected Versions: YAS Global Team Permalinks Customizer plugin versions prior to 2.8.3 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for potential malicious...