5 matches found

Snyk
added 2026/05/29 1:18 p.m. | 5 views

Incorrect Authorization

Overview: mautic/plugin-focus is a Focus Plugin. Affected versions of this package are vulnerable to Incorrect Authorization in the enforcement of owner-scope permissions such as viewown or editown. An attacker can gain unauthorized access or modify resources belonging to other users by exploiting...

7.1 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/05/29 10:30 a.m. | 8 views

EUVD-2026-33278

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 1
Huntr
added 2023/06/18 3:33 a.m. | 8 views

Stored XSS on user "Edit own profile" function

Description: An attacker can inject malicious executable scripts into the code of the Social media field. Proof of Concept: Log in as a Member user, access My profile - Edit own profile function, insert this payload to any field " autofocus onfocus=promptdocument.domain then click Save. Access the...

7 AI score
Exploits: 0
OSV
added 2020/05/06 4:52 p.m. | 4 views

DRUPAL-CONTRIB-2020-014

This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter user input in the scenario when a webform is edited; namely, the message related to the character min/max counter does not undergo sufficient filtering and thus allows execution of JavaScript cod...

7 AI score
Exploits: 0 | References: 1
OSV
added 2020/05/06 4:43 p.m. | 3 views

DRUPAL-CONTRIB-2020-011

This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter webform element properties (attributes) under the scenario of editing a webform. A malicious user could craft such an attribute, element\validate for example, that would invoke execution of undesired P...

6.8 AI score
Exploits: 0 | References: 1