CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links.

Permalink

Browse files

Update markdown configuration

*   Loading branch information

![@avvertix](https://avatars.githubusercontent.com/u/5672748?s=40&v=4)

avvertix committed

Feb 12, 2022

1 parent 26a60f8 commit 3bb4df9a4d01aade5bffaa603a514d1a5fabd214

Showing with **1 addition** and **1 deletion**.

1.  +1 −1 config/markdown.php

2 config/markdown.php

Show comments View file

@@ -144,7 +144,7 @@

|

\*/

  

'allow\_unsafe\_links' => true,

'allow\_unsafe\_links' => false,

  

/\*

\* Configuration related to ExternalLinkExtension

**0 comments on commit `3bb4df9`**

Please sign in to comment.

Headline

CVE-2022-23637: Update markdown configuration · k-box/k-box@3bb4df9

CVE: Latest News