5 matches found
EUVD-2026-33278
Mautic has an Authorization Bypass in API v2 Endpoints...
Incorrect Authorization
Overview mautic/plugin-focus is a Focus Plugin Affected versions of this package are vulnerable to Incorrect Authorization in the enforcement of owner-scope permissions such as viewown or editown. An attacker can gain unauthorized access or modify resources belonging to other users by exploiting...
Stored XSS on user "Edit own profile" function
Description An attacker can inject malicious executable scripts into the code of the Social media field Proof of Concept Log in as a Member user, access My profile - Edit own profile function, insert this payload to any field " autofocus onfocus=promptdocument.domain then click Save. Access the...
DRUPAL-CONTRIB-2020-014
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter user input under in the scenario when a webform is edited, namely the message related to character min/max counter does not undergo sufficient filtering and thus allows execution of JavaScript cod...
DRUPAL-CONTRIB-2020-011
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter webform element properties attributes under the scenario of editing a webform. Malicious user could craft such an attribute element\validate, for example that would invoke execution of undesired P...