9 matches found
CVE-2026-44707
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
EUVD-2026-31916
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
CVE-2025-64400
Control Panel provides an API for pre-registering into an enrollment and organization prior to a user's first login. The API for creating users checks that the account requesting a user creation has edit on the enrollment-level user directory, but is missing a separate check that the enrollment...
PT-2025-52292
Name of the Vulnerable Software and Affected Versions Control Panel affected versions not specified Description The Control Panel software has an issue with its API for pre-registering users into an enrollment and organization before their initial login. The API used for user creation verifies th...
insights-client: unsafe handling of temporary files and directories
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local...
CVE-2019-17114
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
Cross site scripting
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
Call for Papers | Microsoft BlueHat Shanghai 2019
The Microsoft Security Response Center MSRC recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented...
Envoy: XSS in "Guest Pre-Registration" page after registration
Hello Security Team, I Have Found XSS Vulnerability in the Guest Pre-Registration Page Step 5 after register as a new user. Here is how to reproduce the vulnerability: 1. Go to Registration Page 2. Fill The Form With Any Data 3. Keep Going With These Steps After Registration .. 4. but when you...