7 matches found
EUVD-2026-31411
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...
PT-2026-41658
Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An issue exists where public/private permissions are not properly verified, allowing members who lack...
CVE-2025-34401
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a...
PT-2025-50146
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description The software contains a reflected cross-site scripting XSS issue in the Added parameter of the ''/Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx'' endpoint. The Added value is not properly...
PT-2025-34984
Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS transmits passwords and login credentials via GET requests, potentially allowing a local attacker with access to a victim’s browser history to obtain credentials and log in as the user...
CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2018-1000640
OpenCart-Overclocked (