3 matches found
CVE-2025-13821 User profile update exposes password hash and MFA secrets
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID:...
CVE-2025-13821
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID:...
Intranda Goobi Viewer Core 跨站脚本漏洞
Intranda Goobi Viewer Core is a Web-based digital library system from Intranda, Germany. A cross-site scripting vulnerability exists in Intranda Goobi Viewer Core versions prior to 23.03, which stems from the presence of a cross-site scripting XSS vulnerability. The vulnerability can be exploited...