Lucene search
+L

228 matches found

cvelist
cvelist
added 2023/01/27 6:57 p.m.23 views

CVE-2023-0549 YAFNET Private Message PostPrivateMessage cross site scripting

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. T...

4CVSS5.5AI score0.0069EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2023/01/27 12:0 a.m.8 views

PT-2023-16354 · Yafnet · Yafnet

Name of the Vulnerable Software and Affected Versions: YAFNET versions up to 3.1.10 Description: A problematic issue has been found in the Private Message Handler component, affecting the processing of the file /forum/PostPrivateMessage. The manipulation of the subject and message arguments leads...

5.4CVSS4.3AI score0.0069EPSS
Exploits1References10
osv
osv
added 2022/11/30 3:34 p.m.4 views

DRUPAL-CONTRIB-2022-062

Social Private Message module allows users on the platform to allow users to send private messages to each other. The module does not properly perform the correct access checks for certain operations...

6.8AI score
Exploits0References1
drupal
drupal
added 2022/11/30 12:0 a.m.17 views

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-062

Social Private Message module allows users on the platform to allow users to send private messages to each other. The module does not properly perform the correct access checks for certain operations...

6.7AI score
Exploits0References7
nvd
nvd
added 2022/11/14 9:15 p.m.32 views

CVE-2022-39385

Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This issue has been...

6.5CVSS0.00497EPSS
Exploits0References2
prion
prion
added 2022/11/14 9:15 p.m.17 views

Information disclosure

Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This issue has been...

4CVSS6.4AI score0.00497EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2022/11/14 12:0 a.m.6 views

CVE-2022-39385 Users erroneously and transparently added to private messages in Discourse

Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This issue has been...

6.5CVSS6.4AI score0.00497EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2022/09/23 6:28 p.m.7 views

CVE-2022-32229

A information disclosure vulnerability exists in Rockert.Chat v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection...

4.6AI score0.00693EPSS
Exploits1References1
cvelist
cvelist
added 2022/08/29 2:40 p.m.25 views

CVE-2022-2080 Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see...

5AI score0.00645EPSS
Exploits2References2
osv
osv
added 2022/08/29 2:40 p.m.10 views

CVE-2022-2080 Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see...

4.3CVSS6.1AI score0.00645EPSS
Exploits2References4
cnnvd
cnnvd
added 2022/08/29 12:0 a.m.7 views

WordPress plugin Sensei LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3CVSS6.7AI score0.00645EPSS
Exploits2References3
cvelist
cvelist
added 2022/08/22 3:0 p.m.33 views

CVE-2022-2198 WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.8AI score0.00609EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/08/22 12:0 a.m.5 views

WordPress plugin WPQA Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3CVSS5.3AI score0.00609EPSS
Exploits1References2
huntr
huntr
added 2022/08/05 6:36 p.m.10 views

Send message to blocked user

Description In this case if a userA block userB. UserB is still able to send private message to user A Proof of Concept 1.USerA block userB 2.UserB send direct request to message endpoint with userA''s userID Poc POST https://bookwyrm.social/post/direct Host: bookwyrm.social User-Agent: Mozilla/5...

7AI score
Exploits0
wpvulndb
wpvulndb
added 2022/08/04 12:0 a.m.9 views

Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The plugin does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and studen...

4.3CVSS4AI score0.00645EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/08/04 12:0 a.m.149 views

Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The plugin does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and studen...

4.3CVSS1.7AI score0.00645EPSS
Exploits2References1
patchstack
patchstack
added 2022/08/04 12:0 a.m.25 views

WordPress Sensei LMS plugin <= 4.5.1 - Arbitrary Private Message Sending via IDOR vulnerability

Arbitrary Private Message Sending via IDOR vulnerability discovered by Veshraj Ghimire in WordPress Sensei LMS plugin versions = 4.5.1. Solution Update the WordPress Sensei LMS plugin to the latest available version at least 4.5.2...

4.3CVSS3.7AI score0.00645EPSS
Exploits2References1Affected Software1
prion
prion
added 2022/06/24 4:15 p.m.16 views

Cross site scripting

BigBlueButton version 2.4.7 or earlier is vulnerable to stored Cross-Site Scripting XSS in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to t...

3.5CVSS5.1AI score0.00428EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/06/06 8:51 a.m.50 views

CVE-2022-1598 WPQA < 5.5 - Unauthenticated Private Message Disclosure

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

5.7AI score0.05076EPSS
Exploits2References1
github
github
added 2022/05/17 5:52 a.m.15 views

phpBB vulnerable to sensitive information disclosure

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum...

5CVSS6.4AI score0.011EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder