22 matches found
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to failure in enforcing the "Allow users to view archived channels" setting, which allows an attacker to access archived channel content and files via the "Open in Channel" functionality fro...
GO-2025-4131 Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server
Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server...
Mattermost allows regular users to access archived channel content and files
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
GHSA-X3HX-CH7P-8XGG Mattermost allows regular users to access archived channel content and files
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can...
DRUPAL-CONTRIB-2025-112
CivicTheme is a design system and theme framework used to build content-rich Drupal websites. It includes editorial workflows, structured content types, and flexible theming components. The theme doesn't sufficiently check access to entities when they are displayed as reference cards used in manu...
CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
CivicTheme is a design system and theme framework used to build content-rich Drupal websites. It includes editorial workflows, structured content types, and flexible theming components. The theme doesn't sufficiently check access to entities when they are displayed as reference cards used in manu...
EUVD-2024-45976
Malicious code in bioql PyPI...
CVE-2024-52944
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...
CVE-2024-52943
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
CVE-2024-52943
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
CVE-2024-52942
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
Veritas Enterprise Vault 安全漏洞
Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communications platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.1 UPD882911, which stems from a vulnerability that allows an authenticated,...
CVE-2024-52943
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
CVE-2024-52942
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
CVE-2024-52942
Veritas Enterprise Vault is affected prior to 15.1 UPD882911. The HTMLView endpoint allows an authenticated attacker to inject data into HTTP requests, enabling reflected XSS when viewing archived content. Root cause: insufficient validation of user-supplied data in HTMLView. Impact: XSS could be...
CVE-2024-52944
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...
PT-2024-35492 · Veritas · Veritas Enterprise Vault
Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.1 UPD882911 Description: The issue allows an authenticated remote attacker to inject a parameter into an HTTP request, enabling Cross-Site Scripting XSS while viewing archived content. This could...
PT-2024-35493 · Veritas · Veritas Enterprise Vault
Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.1 UPD882911 Description: An issue allows an authenticated remote attacker to inject a parameter into an HTTP request, enabling Cross-Site Scripting XSS while viewing archived content. This could...
PT-2024-35494 · Veritas · Veritas Enterprise Vault
Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.1 UPD882911 Description: An issue allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This cou...