CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

CVE-2026-10234 Mettle sendportal Campaign webview cross site scripting

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

EUVD-2026-33568

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

CVE-2026-10234

CVE-2026-10234 affects Mettle SendPortal (up to 3.0.1). The vulnerability is a cross-site scripting issue in an unknown part of the file path /webview/ within the Campaign Handler, caused by manipulation of the argument content. It can be exploited remotely, and the exploit is public. No remediat...

sendportal 代码注入漏洞

SendPortal is a self-hosted email marketing management tool developed by Mattel. Versions of SendPortal 3.0.1 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the content parameter by the Campaign Handler component in the /webview/ file, which...

PT-2026-45278

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

EUVD-2026-25896

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

CVE-2026-7145 mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

CVE-2026-7145 mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

CVE-2026-7145

CVE-2026-7145 affects mettle SendPortal up to version 3.0.1. The vulnerability is in the destroy function of app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php (Invitation Handler), where manipulating the invitation argument leads to authorization bypass. The advisory states the a...

PT-2026-35500

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

sendportal 授权问题漏洞

SendPortal is a self-hosted email marketing management tool developed by Mattel. Versions of SendPortal 3.0.1 and earlier had an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter invitation in the destroy function of the Invitation Handler component...