Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23734 | 1 Savignano | 1 S-notify | 2025-06-17 | N/A | 5.2 MEDIUM |
| Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link. | |||||
| CVE-2024-23735 | 1 Savignano | 1 S-notify | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate. | |||||
| CVE-2023-50930 | 1 Savignano | 1 S-notify | 2025-05-14 | N/A | 8.3 HIGH |
| An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Jira, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | |||||
| CVE-2024-23737 | 1 Savignano | 1 S-notify | 2025-03-18 | N/A | 5.4 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. | |||||