10 matches found
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing authenticated sessions after a password reset or password change process. An attacker can maintain unauthorized access to an account by reusing a previously obtained...
GHSA-JMR4-P576-V565 listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover
Security Advisory: Stored XSS Leading to Admin Account Takeover Affected Versions: β€ 5.1.0 Vulnerability Type: CWE-79: Stored Cross-Site Scripting --- Summary A lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a...
CVE-2025-58430
CVE-2025-58430 affects listmonk (up to version 1.1.0). The vulnerability arises because each HTTP request includes a nonce in addition to the session cookie, and the nonce value is not checked/validated by the backend, enabling request forgery. When chained with other flaws (CSRF and XSS), this c...
GO-2025-3745 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...
Environment Variable Exposure
github.com/knadh/listmonk is vulnerable to Environment Variable Exposure. The vulnerability is due to the use of env and expandenv template functions in Sprig, which allows non-super-admin users to capture sensitive environment variables in multi-user installations...
CVE-2025-49136
CVE-2025-49136 affects Listmonk before v5.0.2 where Sprig template functions env and expandenv are enabled by default, enabling non-super-admin users (with campaign/template permissions) to read host environment variables via campaign previews. Public reports and the connected Metasploit auxiliar...
CVE-2025-49136 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-use...
CVE-2025-49136 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-use...
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
Summary The env and expandenv template functions which is enabled by default in Sprig enables capturing of env variables on the host. While this may not be a problem on single-user super admin installations, on multi-user installations, this allows non-super-admin users with campaign or template...
CVE-2025-46011
Listmonk v4.1.0 fixed in v5.0.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges...