Toothless5143

Name of the Vulnerable Software and Affected Versions Papra versions prior to 26.4.0 Description Papra is a minimalistic document management and archiving platform. Prior to version 26.4.0, transactional email templates interpolate `user.name` directly into HTML without proper escaping or sanitization. An attacker registering with a display name containing HTML tags can inject those tags into the verification and password reset email bodies. Because emails originate from a legitimate domain (e.g., auth@mail.papra.app), this enables convincing phishing attacks that appear to come from official Papra notifications. Recommendations Update to version 26.4.0 or later.

Name of the Vulnerable Software and Affected Versions Papra versions prior to 26.4.0 Description The Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints without validation. The server sends HTTP POST requests to these registered URLs, which can include localhost, internal network addresses, and cloud provider metadata endpoints, whenever a document event occurs. Recommendations Update to version 26.4.0 or later.

Name of the Vulnerable Software and Affected Versions Papra versions prior to 26.4.0 Description Papra is a document management and archiving platform. Before version 26.4.0, API keys with an expiration date (`expiresAt`) were not checked against the current time during authentication. This allowed users with expired API keys to continue accessing protected endpoints as if the key were still valid. Recommendations Update to version 26.4.0 or later.