Vulnerabilities and security researches foravalex avalex

Jun 07, 2024

CVE, Research URL: CVE-2023-25059
Home page URL: Security reports for avalex – Automatisch sichere Rechtstexte
Application: avalex – Automatisch sichere Rechtstexte
Date: Apr 07, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions.
Affected versions: max 3.0.9.
Status: vulnerable

Mar 31, 2026

CVE, Research URL: CVE-2026-25462
Home page URL: Security reports for avalex – Automatisch sichere Rechtstexte
Application: avalex – Automatisch sichere Rechtstexte
Date: Mar 25, 2026
Research Description: Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through <= 3.1.3.
Affected versions: max 3.1.3.
Status: vulnerable