Lucene search

21 matches found

OSV
added 2026/05/15 9:31 p.m., 1 view

GHSA-HW87-6JCQ-9F8Q Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

CVSS 3.1 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 3

Github Security Blog
added 2026/05/15 9:31 p.m., 4 views

Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

CVSS 4.3 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/05/15 6:42 p.m., 9 views

CVE-2026-4053

CVE-2026-4053 affects Mattermost 11.5.x (11.5.0–11.5.1) and 10.11.x (10.11.0–10.11.13). The issue is that the system fails to enforce the PostEditTimeLimit on non‑message post fields, allowing an authenticated user to modify post file attachments, props, and pin status after the edit window has e...

CVSS 4.3 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/05/15 12:00 a.m., 6 views

PT-2026-41348

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

CVSS 3.1 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 2

CVE
added 2026/05/11 8:29 p.m., 7 views

CVE-2026-43874

CVE-2026-43874 affects WWBN AVideo up to version 29.0, involving YPTSocket message handling. The server-side strip that removes autoEvalCodeOnHTML only targets $json['msg'] and not other outbound carriers; the relay logic prefers $msg['json'] when present, causing an unauthenticated attacker who ...

CVSS 7.2 | AI score 5.7 | EPSS 0.00023
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2005-4217

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00297
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2003-0278

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00722
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2002-1442

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01916
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2002-1441

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01884
Exploits: 0 | References: 5

OSV
added 2025/01/11 12:35 p.m., 4 views

CVE-2024-49568 net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg

In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg. When receiving proposal msg in server, the fields v2_ext_offset/eid_cnt/ism_gid_cnt in proposal msg are from the remote client and can not be fully trusted...

CVSS 5.5 | AI score 6.2 | EPSS 0.00009
Exploits: 0 | References: 6

RedHat Linux
added 2024/07/02 3:39 p.m., 4 views

kernel: Reserved fields in guest message responses may not be zero initialized

A flaw was found in some AMD CPUs where the guest message responses have not been zero-initialized. This issue may allow a local attacker with the ability to run arbitrary code on a container or virtual machine to discover sensitive information contained in the host system's memory...

CVSS 6 | AI score 6.7 | EPSS 0.00036
Exploits: 0 | References: 5

NVD
added 2019/12/13 6:15 p.m., 7 views

CVE-2019-17123

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...

CVSS 7.5 | AI score 7.7 | EPSS 0.0037
Exploits: 1 | References: 2

Cvelist
added 2017/07/12 12:00 a.m., 17 views

CVE-2017-11181

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable...

AI score 5.7 | EPSS 0.00181
Exploits: 0 | References: 1

CNVD
added 2016/11/16 12:00 a.m., 1 view

Stored Cross-Site Scripting Vulnerability in yiqicms

Yiqicms is an SEO-oriented marketing website system for enterprises, built on an open-source PHP+Mysql stack. The Yiqicms front end has stored cross-site scripting vulnerabilities. The msgtitle and msgname values received by the front end are output without filtering, only msgcotent parameter...

AI score 6.4
Exploits: 0

Prion
added 2007/02/27 2:28 a.m., 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields...

CVSS 4.3 | AI score 6.1 | EPSS 0.00376
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2005/06/21 4:00 a.m., 12 views

CVE-2002-1708

Cross-site scripting (XSS) vulnerability in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields...

AI score 6.5 | EPSS 0.00655
Exploits: 1 | References: 4

NVD
added 2003/06/09 4:00 a.m., 7 views

CVE-2002-1458

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body...

CVSS 7.5 | AI score 6.3 | EPSS 0.01884
Exploits: 0 | References: 4

exploitpack
added 2003/05/09 12:00 a.m., 16 views

Phorum 3.4.x - Message Form HTML Injection

Phorum 3.4.x - Message Form HTML Injection source: https://www.securityfocus.com/bid/7545/info An HTML injection issue has been reported which may lead to unauthorized code execution. It has been reported that it is possible to inject HTML or script code into the subject and other fields of a...

AI score 0.2
Exploits: 0

Exploit DB
added 2003/05/09 12:00 a.m., 18 views

Phorum 3.4.x - 'Message Form' HTML Injection

source: https://www.securityfocus.com/bid/7545/info An HTML injection issue has been reported which may lead to unauthorized code execution. It has been reported that it is possible to inject HTML or script code into the subject and other fields of a message in Phorum. This may be done by includi...

AI score 7.4
Exploits: 0

Cvelist
added 2003/03/18 5:00 a.m., 14 views

CVE-2002-1458

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body...

AI score 6.3 | EPSS 0.01884
Exploits: 0 | References: 4