18 matches found
PortSwigger Web Security: HTML Injection in DAST Trial Request Form Confirmation Email – PortSwigger
A vulnerability was discovered in the DAST trial request form on the website, where user input in the "First Name" field was not properly sanitized before being included in confirmation emails. This allowed the injection of arbitrary HTML content, which would be rendered in the recipient's email...
GHSA-5CX4-W4FH-FR57 Moodle Affected by Improper Restriction of Excessive Authentication Attempts
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
CVE-2025-67853
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
EUVD-2025-206748
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
PT-2026-5962
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw exists in Moodle related to insufficient rate limiting within the confirmation email service. This allows attackers to more easily enumerate or guess user credentials, potentially...
Moodle 安全漏洞
Moodle is an open-source e-learning software platform developed by Moodle Foundation. It is also known as a course management system, learning management system, or virtual learning environment. Moodle has security vulnerabilities. These vulnerabilities stem from the lack of appropriate rate limi...
CVE-2025-67853
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
CVE-2025-54879
Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system has a critical configuration error where the...
CVE-2025-54879
CVE-2025-54879 affects Mastodon when using the email-based confirmation throttle. The root cause is a misconfiguration in Mastodon’s rate-limiting: the email throttle checks the password-reset path instead of the confirmation path, effectively disabling per-email limits for confirmation requests....
CVE-2025-54879 Mastodon e‑mail throttle misconfiguration allows unlimited email confirmations against unconfirmed emails
Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system has a critical configuration error where the...
CVE-2025-54879 Mastodon e‑mail throttle misconfiguration allows unlimited email confirmations against unconfirmed emails
Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system has a critical configuration error where the...
CVE-2024-53860
sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...
GHSA-MJ5R-X73Q-FJW6 SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
Impact Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious...
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
Impact Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious...
CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler
sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...
CVE-2024-53860
CVE-2024-53860 concerns sp-php-email-handler, a PHP package for handling contact forms. The vulnerability allows anyone to specify arbitrary email recipients and inject user-provided content into confirmation emails, enabling abuse such as spam or phishing from the affected server and risking dom...
UBUNTU-CVE-2021-36402
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk...
GitLab Resource Management Error Vulnerability (CNVD-2020-63397)
GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list , etc. Git is a free, open source distributed version control system. A security...