3 matches found
CVE-2026-40193 Maddy Mail Server: LDAP Filter Injection via Unsanitized Username
maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...
Telescope Cross-Site Scripting Vulnerability
Telescope is an open source, free platform for building social networking applications. A cross-site scripting vulnerability exists in versions of Telescope prior to 0.9.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...