Vulnerabilities in Morelitea
3 resultsCVE-2026-28274HIGHInitiative Vulnerable to Token Theft via Stored XSS in Document UploadsEPSS 0.6%CVE-2026-28275HIGHInitiative Vulnerable to Improper Session Invalidation (JWT Remains Valid)EPSS 0.4%CVE-2026-28276HIGHInitiative Allows Unauthenticated Access to Uploaded Documents via Public /uploads/ EndpointEPSS 0.3%