Lucene search
K

26 matches found

NVD
NVD
added 5 days ago10 views

CVE-2026-15191

A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack c...

6.5CVSS0.0022EPSS
Exploits0References6
NVD
NVD
added 5 days ago8 views

CVE-2026-15192

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS0.00572EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-15192 mettle sendportal APIv1 Webhooks mailjet missing authentication

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS0.00572EPSS
Exploits0References6
CVE
CVE
added 5 days ago7 views

CVE-2026-15192

CVE-2026-15192 affects mettle SendPortal up to version 3.0.1, targeting APIv1 Webhooks. The vulnerability involves the sendgrid/postmark/postal/mailjet functions, with missing authentication reported as remotely exploitable. Public disclosure and PoC–level exploit maturity are indicated, but no e...

6.9CVSS5.9AI score0.00572EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-15192

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS5.3AI score0.00572EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42624

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS5.9AI score0.00572EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42619

A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack c...

6.5CVSS6.2AI score0.0022EPSS
Exploits0References6
CVE
CVE
added 5 days ago8 views

CVE-2026-15191

CVE-2026-15191 affects mettle sendportal up to 3.0.1, specifically the CampaignCreation Endpoint logic in vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php. The flaw enables authorization bypass via manipulation of the Campaign Creation Endpoint. It is a remote network-expo...

6.5CVSS6.2AI score0.0022EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-15191 mettle sendportal Campaign Creation Endpoint CampaignStoreRequest.php authorization

A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack c...

6.5CVSS0.0022EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.11 views

CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 8:16 a.m.24 views

CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

5.1CVSS0.00203EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/01 7:0 a.m.13 views

CVE-2026-10234 Mettle sendportal Campaign webview cross site scripting

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/01 7:0 a.m.14 views

EUVD-2026-33568

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:0 a.m.10 views

CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/06/01 7:0 a.m.26 views

CVE-2026-10234

CVE-2026-10234 affects Mettle SendPortal (up to 3.0.1). The vulnerability is a cross-site scripting issue in an unknown part of the file path /webview/ within the Campaign Handler, caused by manipulation of the argument content. It can be exploited remotely, and the exploit is public. No remediat...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

sendportal 代码注入漏洞

SendPortal is a self-hosted email marketing management tool developed by Mattel. Versions of SendPortal 3.0.1 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the content parameter by the Campaign Handler component in the /webview/ file, which...

5.1CVSS4.6AI score0.00203EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45278

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/29 2:49 p.m.5 views

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS5.4AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 6:16 p.m.11 views

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS0.00235EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 5:45 p.m.4 views

CVE-2026-7145 mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS5.4AI score0.00235EPSS
Exploits0References5
Rows per page
Query Builder