In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an...
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.