5 matches found
CVE-2024-27185
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
CVE-2024-27184
Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
CVE-2024-27187
Improper access controls allow backend users to overwrite their username when disallowed.
CVE-2024-27186
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
CVE-2024-40743
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.