2 matches found
CVE-2025-10696
OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party the target user, who can then view the...
PT-2025-40599
Name of the Vulnerable Software and Affected Versions OpenSupports version 4.11.0 Description The software exposes an endpoint that allows modification of the 'supervised users' list for any account without verifying ownership. This allows a Level 1 staff member to alter the supervision...