Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 1:32 p.m.12 views

CVE-2026-8406 openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 1:32 p.m.12 views

EUVD-2026-36245

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References3
Snyk
Snyk
added 2024/12/20 6:31 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the manipulation of the notification ID in the request URL by a logged-in attacker. This issue due to insufficient authorization checks, enabling attackers to view sensitive mail details belonging to othe...

5.3CVSS6.7AI score0.00274EPSS
Exploits0References3
Snyk
Snyk
added 2024/12/20 6:31 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the manipulation of the notification ID in the request URL by a logged-in attacker. This issue due to insufficient authorization checks, enabling attackers to view sensitive mail details belonging to othe...

5.3CVSS6.7AI score0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/20 12:0 a.m.9 views

CVE-2024-55186

An IDOR Insecure Direct Object Reference vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...

4.5AI score0.00274EPSS
Exploits0References2
CVE
CVE
added 2024/12/20 12:0 a.m.57 views

CVE-2024-55186

CVE-2024-55186 affects Oqtane Framework 6.0.0 with an insecure direct object reference (IDOR): a logged-in user can access other users’ inbox messages by manipulating the notification ID in the request URL, exposing sensitive mail details. The issue is documented across multiple sources (Red Hat,...

4.3CVSS6.7AI score0.00274EPSS
Exploits0References2
Prion
Prion
added 2018/06/26 2:29 p.m.24 views

Cross site scripting

Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors...

4.3CVSS5.8AI score0.00809EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/06/26 2:29 p.m.20 views

CVE-2018-0557

Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors...

6.1CVSS5.9AI score0.00809EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/06/26 2:0 p.m.24 views

CVE-2018-0557

Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors...

5.9AI score0.00809EPSS
Exploits0References2
Rows per page
Query Builder