Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

GHSA-hhjm-mpmf-cxg9: Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header

microweber/microweber prior to 1.3.3 is vulnerable to stored cross-site scripting (XSS) via the `X-Forwarded-For` header. This was fixed in version 1.3.3.

ghsa
Open in Source
#xss#web#git
GHSA-3j93-7rf7-p7m6: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS)

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input. This has been fixed in 3.1.12.

GHSA-m9qm-m5w5-9pgj: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the updatecategory parameter. This has been fixed in 3.1.12.

GHSA-xxm6-ff3x-v4vm: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the `category field name` parameter. This has been fixed in 3.1.12.

GHSA-jph3-3j24-pg3j: thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to DOM cross-site scripting (XSS) because it fails to sanitize user input in the configuration privacy note URL parameter. This has been fixed in 3.1.12.

GHSA-gmjj-g2rm-xwm7: thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to cross-site scripting (XSS) because it fails to sanitize user input in the `stopword` parameter. This has been fixed in 3.1.12.

GHSA-m8q9-7v2f-qjx9: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the artlang parameter. This has been fixed in 3.1.12.

GHSA-gcmq-7652-x98j: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the adminlog. This has been fixed in 3.1.12.

GHSA-8p48-ghv5-7qq7: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ site while generating an HTML Export. This has been fixed in 3.1.12.

CVE-2023-28849: Release 10.0.7 · glpi-project/glpi

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory.