Mosparo CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-41195	1 Mosparo	1 Mosparo	2026-05-13	5 Medium
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and does not restrict private or loopback destinations, this becomes a stored SSRF primitive that can be turned into an internal HTTP probing oracle. This vulnerability is fixed in 1.4.13.
CVE-2023-5687	1 Mosparo	1 Mosparo	2024-11-21	8.8 High
Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.
CVE-2023-5375	1 Mosparo	1 Mosparo	2024-11-21	6.1 Medium
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.

Page 1 of 1.