66 matches found
CVE-2024-45051
CVE-2024-45051 affects Discourse: a vulnerability that lets an attacker bypass domain-based restrictions by using a maliciously crafted (encoded) email address, enabling access to private sites, categories and groups. Connected sources confirm this is a Discourse authorization bypass tied to how ...
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Casdoor is a UI-first Identity and Access Management IAM / Single-Sign-On SSO platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via...
GitLab < 16.9.6 / 16.10 < 16.10.4 / 16.11 < 16.11.1 (CVE-2024-1347)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain...
CVE-2024-1347
A flaw was found in GitLab CE/EE. Under certain conditions, an attacker, through a crafted email address, can bypass domain-based restrictions on an instance or a group. This issue affects all versions through 16.9.6, 16.10 through 16.10.4, and 16.11 through 16.11.1...
CVE-2023-48465
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48454
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
PT-2023-7853 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a Cross-site Scripting DOM-based XSS vulnerability. It can be exploited if a low-privileged attacker convinces a victim to visit a URL referencing a...
CVE-2023-3294
Cross-site Scripting XSS - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...
SUSE CVE-2019-11340
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowedlocal3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...
SUSE CVE-2022-3620
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarcdnslookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is...
[SECURITY] Fedora 34 Update: opendmarc-1.4.0-1.fc34
OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...
Rapid7's 2021 ICER Takeaways: Email Security Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Original analysis for these findings was conducted by Kwan Lin. We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also...
Malwarebytes: No SPF/DMARC records on mb-cosmos.com
The domain mb-cosmos.com lacked SPF and DMARC records, allowing email spoofing. Emails appeared to originate from the domain without authentication. This vulnerability was reported as a security issue...
DEBIAN-CVE-2020-12460
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarcxmlparse that can result in a one-byte heap overflow in opendmarcxml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...
CVE-2018-21252
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...
CVE-2018-21252
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...
Security feature bypass
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...
CVE-2018-21252
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...
CVE-2020-14214
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization...
Authorization
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization...