Trello: Payments informations are sent to the webhook when a team changes its visibility
If an attacker installed a webhook on a team, and the team subsequently changed its visibility from private to public, the payload sent to the webhook to notify it of the visibility change could potentially have disclosed some information that the attacker shouldn't have had access to. For paid...
Slack: User impersonation is possible with incoming webhooks
Using the incoming webhook service it is possible to send messages to the team from an arbitrary username. A malicious user could modify the image of the webhook service to match an existing user and then send a message with the username of an existing user. Other users would not be able to tell...
CVE-2012-5551
Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."...
SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS)
This module provides integration with the MailChimp email delivery service. There are two issues with the webhook processing, which is exposed as an API in mailchimp.module and used by mailchimplists.module to update subscriber information. The webhook URL key can be trivially calculated. Webhook...
CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-45754...
CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade
More info at https://symfony.com/cve-2026-48747...
CVE-2026-45755: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-45755...
CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-47212...