![]() Saleor is a headless, GraphQL commerce platform. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550.Īn HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. ![]() php file to be accessible under a /admin/temp/surveys/ URI. Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a. OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |