Known Vulnerabilities
CVE-2024-27185
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
CRITICAL
CVSS 9.1
Published Aug 20, 2024
CVE-2024-27186
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
MEDIUM
CVSS 6.1
Published Aug 20, 2024
CVE-2024-27184
Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
MEDIUM
CVSS 6.1
Published Aug 20, 2024
CVE-2024-40743
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
MEDIUM
CVSS 6.1
Published Aug 20, 2024
CVE-2024-27187
Improper access controls allow backend users to overwrite their username when disallowed.
HIGH
CVSS 7.5
Published Aug 20, 2024