7 matches found
PT-2025-44804
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker versions 2.27.1 and below Description Mantis Bug Tracker is an open source issue tracker. When a user modifies their profile to update their email address, the system saves the change without verifying ownership. This can le...
CVE-2023-31935
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php...
PT-2023-8977 · Grafana +3
Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue is related to a weakness in the authentication mechanism of Grafana, specifically with the verify email enabled option. This option only validates email addresses during the sign-...
SUSE CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...
CVE-2019-10673
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the...
CVE-2007-3941
Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.01 allows remote authenticated users to inject arbitrary web script or HTML via the profileemail parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...