📦 Listmonk

This is a stored cross-site scripting (XSS) vulnerability in listmonk that allows lower-privileged users to inject malicious JavaScript into campaigns or templates. When higher-privileged users view t...

listmonk versions up to 1.1.0 include a nonce parameter in HTTP requests that isn't validated by the backend, allowing requests to be processed without it. This can be chained with other vulnerabiliti...

Listmonk v4.1.0 contains a SQL injection vulnerability in the QuerySubscribers function that allows attackers to execute arbitrary SQL commands. This can lead to privilege escalation and unauthorized ...