Vulnerabilities > Onesignal

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2023-28430 Command Injection vulnerability in Onesignal React-Native-Onesignal
OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues (types: [closed]) (i.e., when an Issue is closed).
network
low complexity
onesignal CWE-77
8.1
2019-08-30 CVE-2019-15827 Cross-site Scripting vulnerability in Onesignal Onesignal-Free-Web-Push-Notifications 1.17.5
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.
network
low complexity
onesignal CWE-79
5.4