4 matches found
Cross site scripting
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the e-mail template modules...
Design/Logic Flaw
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates Home - Settings - Email Templates or themes Home - Settings - Themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache...
Session fixation
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503...
CVE-2016-10704
CVE-2016-10704 affects Magento Community Edition and Enterprise Edition before versions 2.0.10 (CE) and 2.1.x before 2.1.2. The issue is an XSS in email templates that is mishandled during preview (APPSEC-1503). Root cause: crafted input in email template preview can be reflected in rendered cont...