6 matches found
CVE-2026-41910
OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model...
CVE-2026-21642
HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php and channel-acl.php scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is...
CVE-2026-21642
HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php and channel-acl.php scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is...
Revive Adserver: Reflected XSS in banner-acl.php and channel-acl.php via executionorder
Vulnerability description not provided...
Mattermost Confluence Plugin has Missing Authorization vulnerability
Mattermost Confluence Plugin versions 1.5.0 fail to check user access to the channel, which allows attackers to get channel subscription details without proper access to the channel via an API call to the Get Channel Subscriptions details endpoint...
CVE-2025-44001
CVE-2025-44001 concerns the Mattermost Confluence Plugin where versions