2 matches found
CVE-2026-47175
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...
CVE-2026-47173
Quest Bot (Discord bot) prior to v1.0.3 is vulnerable: a normal user can create a ticket with a reason containing @everyone/@here, user or role mentions, causing the attacker-controlled reason to be posted in the new ticket channel if mentions are not suppressed. If the bot has permission to use ...