Lucene search
+L

228 matches found

Patchstack
Patchstack
added 2022/05/16 12:0 a.m.48 views

WordPress WPQA premium plugin <= 5.4 - Unauthenticated Private Message Disclosure vulnerability

Unauthenticated Private Message Disclosure vulnerability discovered by Veshraj Ghimire in WordPress WPQA premium plugin versions = 5.4. Solution Update the WordPress WPQA premium plugin to the latest available version at least 5.5...

5.3CVSS2.9AI score0.05076EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/21 12:0 a.m.33 views

WordPress WPQA - Builder forms Addon plugin < 5.2 - Private Message Disclosure via IDOR vulnerability

Private Message Disclosure via IDOR vulnerability discovered by Veshraj Ghimire in WordPress WPQA - Builder forms Addon plugin versions 5.2. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.2...

4.3CVSS3.6AI score0.00772EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2022/01/26 12:0 a.m.22 views

Discourse Information Disclosure Vulnerability (CNVD-2022-07639)

Discourse is an open source community discussion platform. Discourse is vulnerable to an information disclosure vulnerability in which any private message containing a group exposes its title and participating users to users who do not have permission to access the private message. An attacker...

7.5CVSS2.1AI score0.0179EPSS
Exploits0References1
Hacker One
Hacker One
added 2022/01/11 1:21 p.m.32 views

Rocket.Chat: API route chat.getThreadsList leaks private message content

Summary The /api/v1/chat.getThreadsList does not sanitize user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection. Description The chat.getThreadsList API route is defined in app/api/server/v1/chat.jsL522-L572: javascript const rid, type, text =...

4CVSS0.6AI score0.00693EPSS
Exploits1
OSV
OSV
added 2021/09/20 9:15 p.m.18 views

CVE-2021-41082

Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users wer...

7.5CVSS6.8AI score
Exploits0References3
CVE
CVE
added 2021/09/20 8:20 p.m.83 views

CVE-2021-41082

CVE-2021-41082 affects the Discourse platform. In affected versions, the title and participating users of a private message that includes a group could be exposed to users without access to that private message. The issue is an information-disclosure in group-private messages, not a full message-...

7.5CVSS7.5AI score0.0179EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/09/20 8:20 p.m.20 views

CVE-2021-41082 Private message title and participating users leaked in discourse

Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users wer...

7.5CVSS7.7AI score0.0179EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/09/20 12:0 a.m.5 views

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. Discourse is vulnerable to an information disclosure vulnerability in which any private message containing a group exposes its title and participating users to users who do not have permission to access the private message. An attacker...

7.5CVSS7.4AI score0.0179EPSS
Exploits0References4
NVD
NVD
added 2021/09/09 11:15 p.m.19 views

CVE-2020-19288

A stored cross-site scripting XSS vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message...

5.4CVSS0.00545EPSS
Exploits1References2
OSV
OSV
added 2021/09/09 11:15 p.m.12 views

CVE-2020-19288

A stored cross-site scripting XSS vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message...

5.4CVSS5.5AI score
Exploits0References2
NVD
NVD
added 2021/05/12 3:15 p.m.16 views

CVE-2021-32607

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...

9.8CVSS0.33442EPSS
Exploits1References2
OSV
OSV
added 2021/05/12 3:15 p.m.20 views

CVE-2021-32607

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2021/04/15 12:15 a.m.17 views

CVE-2021-30479

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the allpublicstreams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...

5.3CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2021/04/15 12:15 a.m.16 views

Design/Logic Flaw

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the allpublicstreams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...

5CVSS5.3AI score0.00862EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2019/11/05 2:7 a.m.89 views

Shopify: Stored XSS in private message

1.Open customer function https://mosuan-img-src-x.myshopify.com/admin/customers 2.Click on the customer's email address F625957 3.Click the sent message on the current page F625959 Impact admin...

0.8AI score
Exploits0
OpenVAS
OpenVAS
added 2019/06/17 12:0 a.m.44 views

MyBB < 1.8.21 Multiple Vulnerabilities

MyBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb"; ifdescription...

8.7CVSS7.5AI score0.01495EPSS
Exploits2References2
NVD
NVD
added 2019/06/15 6:29 p.m.24 views

CVE-2019-12830

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to video BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue...

8.7CVSS8.3AI score0.00983EPSS
Exploits1References2
Hacker One
Hacker One
added 2019/02/03 8:7 p.m.34 views

WordPress: Mssing Authorization on Private Message replies (BuddyPress)

Description: Users can reply to private message threads which they are not participants of by changing the threadid parameter in the messagessendreply ajax action. This affects both the Legacy and Nouveau Template packs. Steps To Reproduce: 1. Login to your account 2. Send the following request...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2019/01/28 7:45 a.m.34 views

WordPress: Stored XSS in Private Message component (BuddyPress)

Description: WordPress version: 5.0.3 BuddyPress version: 4.1.0 Users with accounts can send private messages containing rendered HTML to other uses, this includes being able to execute javascript code via elements such as scripts, iframe etc. The XSS is stored in the database and is triggered an...

5.8AI score
Exploits0
CNVD
CNVD
added 2018/07/02 12:0 a.m.4 views

Advanced Electron Forum Private Message Module Cross-Site Scripting Vulnerability

Advanced Electron Forum AEF is an online forum system written in PHP.Private Message is one of the personal information modules. A cross-site scripting vulnerability exists in the 'FTP Link' element of the Private Message module in AEF version 1.0.9, which originates from unfiltered content in th...

4.8CVSS5AI score0.00935EPSS
Exploits3References1
Rows per page
Query Builder