3 matches found
PT-2026-54862
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.9.0 through 5.9.x Description Control panel users with entry editing permissions can execute unsandboxed Twig code, which may lead to authenticated Remote Code Execution RCE. The issue occurs during the entry saving proces...
PT-2024-20429 · Alinto +1 · Alinto Sogo +1
Name of the Vulnerable Software and Affected Versions: Alinto SOGo versions prior to 5.10.0 Description: A Cross Site Scripting issue exists in Alinto SOGo, allowing a remote attacker to execute arbitrary code via the import function to the mail component. This can be exploited by a remote...
PT-2021-24351
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.10.0 Description: A cross-site scripting vulnerability was discovered in the URL processing logic of the image and link plugins, allowing arbitrary JavaScript execution when updating an image or link using a...