CVE-2025-12756 – Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion

CVE ID : CVE-2025-12756

Published : Dec. 1, 2025, 7:51 p.m. | 33 minutes ago

Description : Mattermost versions 11.0.x
Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66312 – Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`

CVE-2025-66311 – Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters

CVE-2025-66310 – Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab

CVE-2025-66309 – Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the “Blog Config” tab