Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-58v7-58c2-qwm9: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

ghsa
Open in Source
#xss#vulnerability#git#php
GHSA-r657-3wqh-g2x9: Microweber uses hard coded credentials

Use of Hard-coded Credentials in GitHub repository microweber/microweber 1.3.4 and prior. A patch is available and anticipated to be part of version 2.0.

GHSA-j5ww-5xf4-hqm2: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

GHSA-qcjg-hvg6-hxcp: phpMyFAQ allows unrestricted file types in image field

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5320: fix: only URLs should be allowed · thorsten/phpMyFAQ@e923695

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5317: fix: allow only valid URLs for instances · thorsten/phpMyFAQ@ec551bd

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5316: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@332d2e4

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5318: huntr – Security Bounties for any GitHub repository

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

CVE-2023-5319: huntr – Security Bounties for any GitHub repository

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5227: feat: added check for valid image MIME types · thorsten/phpMyFAQ@abf5248

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.