2 matches found
CVE-2026-56293 Capgo - Stale Cross-Organization Authorization via Incomplete deploy_history Update in transfer_app()
Capgo before 12.128.2 contains an authorization flaw in transferapp that fails to update deployhistory.ownerorg when transferring applications between organizations. Attackers can exploit this omission to retain unauthorized access to deployment history records in the source organization or cause...
EUVD-2026-42252
Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and...