
11 matches found

CNVD
added 2026/03/17 12:00 a.m., 3 views

Unspecified Vulnerability in StudioCMS

StudioCMS is an open source content management system. A security vulnerability exists in StudioCMS that can be exploited by an attacker, as any authenticated user, to modify the notification preferences of other users...

CVSS 5.4, AI score 5.3, EPSS 0.00019
Exploits 1
EUVD
added 2026/03/12 2:49 p.m., 2 views

EUVD-2026-11373

StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings...

CVSS 5.4, AI score 5.8, EPSS 0.00019
Exploits 1, References 2
OSV
added 2026/03/12 2:49 p.m., 2 views

GHSA-9V82-XRM4-MP52 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

Summary: The updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never verifies that the caller owns the target account (id !== userData.user.id). Any authenticated visitor...

CVSS 5.4, AI score 5.9, EPSS 0.00019
Exploits 1, References 3
CVE
added 2026/03/11 8:09 p.m., 3 views

CVE-2026-32104

StudioCMS suffers an IDOR in updateUserNotifications prior to version 0.4.3: any authenticated user can modify another user’s notification preferences because the endpoint validates login but not ownership (id !== userData.user.id). This can enable, for example, suppression of admin notifications...

CVSS 5.4, AI score 5.8, EPSS 0.00019
Exploits 1, References 1, Affected Software 1
OSV
added 2026/03/11 8:09 p.m., 0 views

CVE-2026-32104 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...

CVSS 5.4, AI score 5.8, EPSS 0.00019
Exploits 1, References 3
CNNVD
added 2026/03/11 12:00 a.m., 3 views

StudioCMS Security Vulnerability

StudioCMS is an open source content management system. A security vulnerability exists in StudioCMS that can be exploited by an attacker, as any authenticated user, to modify the notification preferences of other users...

CVSS 5.4, AI score 5.8, EPSS 0.00019
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:00 a.m., 4 views

CVE-2023-29210

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

CVSS 9.9, AI score 7.5, EPSS 0.06474
Exploits 1, References 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-1364

Malicious code in bioql PyPI...

CVSS 9.9, AI score 8.4, EPSS 0.06474
Exploits 1, References 5
Vulnrichment
added 2023/04/15 4:20 p.m., 5 views

CVE-2023-29210 org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

CVSS 9.9, AI score 9.6, EPSS 0.06474
Exploits 1, References 3
CNNVD
added 2023/04/15 12:00 a.m., 1 view

XWiki Commons Code Injection Vulnerability

XWiki Commons is a set of technical libraries shared by several other top-level XWiki projects. A security vulnerability exists in XWiki Commons: any user with view access to commonly accessible documents, including the notification preferences macros, can execute arbitrary Groovy...

CVSS 9.9, AI score 8.2, EPSS 0.06474
Exploits 1, References 4
Hacker One
added 2017/03/03 8:24 a.m., 18 views

New Relic: Privilege Escalation in Default Notification Preferences

Hello, I would like to report a Privilege Escalation on the rpm.newrelic.com domain. You can change other companies' user default notification preferences. In order to reproduce it, do the following steps: (1) Login as company administrator; (2) Navigate to...

AI score 0.3
Exploits 0