mettle/sendportal

mettle/sendportal

Releases11

Frequency4 months 2 weeks

Last Release about 2 years ago

Stars2.14K

Open-source self-hosted email marketing. Manage your own newsletters at a fraction of the cost.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-10234 ↗	Jun 1, 2026Monday, 1 June 2026, 08:16	3.5 LOW	4 MEDIUM
A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-7145 ↗	Apr 27, 2026Monday, 27 April 2026, 18:16	5.4 MEDIUM	5.5 MEDIUM
A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.