58 matches found
CVE-2026-10729
An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation and Cross-Site Scripting (XSS) in email clients that render HTML emails. This issue affects Canarytokens: fr...
EUVD-2026-19925
Cronicle is a multi-server task scheduler and runner, with a web-based front-end UI. Prior to 0.9.111, job child processes can include an updateevent key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-privile...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the notification email process. An attacker can mislead recipients into visiting attacker-controlled domains by setting a specially crafted nickname that is rendered as a clickable link in notification email...
EUVD-2020-5537
Malware in sbrugna...
BookStack Incorrect Access Control vulnerability
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public-facing forms...
GitLab < 12.9.8 (CVE-2020-13276)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 (CVE-2020-13276). Note that Nessus has not tested for thi...
GHSA-HGR6-6HHW-883F Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...
CVE-2024-25151
CVE-2024-25151 affects Liferay Portal 7.2.0–7.4.2 and Liferay DXP 7.3 before SP3, 7.2 before FP15, and older versions. The Calendar module does not escape user-supplied data in the default notification email template, enabling remote authenticated users to inject script/HTML via the calendar even...
CVE-2024-25151
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...
changanlawfirm.com Cross Site Scripting vulnerability OBB-3775893
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
datashop24.com Cross Site Scripting vulnerability OBB-2164538
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ebnerstolz.de Cross Site Scripting vulnerability OBB-2163416
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-36410
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module...
made.com Cross Site Scripting vulnerability OBB-1958822
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: made.com. Open Bug Bounty...
Webform - Moderately critical - Access bypass - SA-CONTRIB-2021-004
The Webform module for Drupal 8/9 includes a default Contact webform, which sends a notification email to the site owner and a confirmation email to the email address supplied via the form. The confirmation email can be used as an open mail relay to send an email to any email address. This...
CVE-2021-21512
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account...
Information disclosure
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account...
Dell EMC PowerProtect Information Disclosure Vulnerability
Dell EMC PowerProtect is an application from Dell Japan. It is used by companies to protect, manage and recover their most critical application data. An information disclosure vulnerability exists in Dell EMC PowerProtect Cyber Recovery version 19.7.0.1. The vulnerability arises from errors such ...
prestonpc.org.uk Cross Site Scripting vulnerability OBB-1425602
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...