CVE-2026-25783 Denial of service via malformed User-Agent header in getBrowserVersion

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

CVE-2017-1000428

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $SERVER'PHPSELF' to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...

flatCore-CMS Cross-Site Scripting Vulnerability

flatCore-CMS is a Web Content Management System CMS based on PHP5 and SQLite3. A cross-site scripting vulnerability exists in the admin log panel in flatCore-CMS version 1.4.6. A remote attacker can exploit the vulnerability by injecting arbitrary web script followed by HTML with the help of a...

CVE-2017-1000428

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $SERVER'PHPSELF' to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...