CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Sep 2021 — Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc., that, when visited, allows them control of the list control panel as if the bad actor were logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password, which could effectively shut out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. ... • https://github.com/justingit/dada-mail/commit/d4d3d86d08c816b4da75a5ef45abc12188772459 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 25 | EXPL: 0

17 Aug 2005 — Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary JavaScript via archived messages. • http://mojo.skazat.com/download/testing_2_10_0_alpha1.html