2 matches found
CVE-2026-42547
CVE-2026-42547 affects IRIS (web collaborative platform). In versions prior to 2.4.28, users can create alerts for customers not assigned to them, enabling false attribution of alerts. When combined with Cross-Site Scripting, this may also allow exfiltration of alerts between customers. The advis...
CVE-2026-42547 IRIS Alerts Can be Falsely Attributed to Customers
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...