CVE-2023-1758: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@f3380f4

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

@@ -127,10 +127,10 @@

<td>

<span style="font-weight: bold;">

<a href="mailto:<?= $newsComment->getEmail() ?>">

<?= $newsComment->getUsername() ?>

<?= Strings::htmlentities($newsComment->getUsername()) ?>

</a> |

<?= $date->format(date('Y-m-d H:i’, $faqComment->getDate())) ?> |

<a href="<?php printf('…/?action=news&id=%d&artlang=%s’, $faqComment->getRecordId(), $faqLangCode) ?>">

<?= $date->format(date('Y-m-d H:i’, $newsComment->getDate())) ?> |

<a href="<?php printf('…/?action=news&id=%d&artlang=%s’, $newsComment->getRecordId(), $faqLangCode) ?>">

<i class="fa fa-newspaper-o" aria-hidden="true"></i>

</a>

</span><br/>
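Review bot: the `href="mailto:<?= $newsComment->getEmail() ?>"` line at the top of this hunk still emits the comment author's e-mail without the `Strings::htmlentities()` conversion that the same commit adds for `getUsername()`; since both values come from the same user-submitted comment, the attribute should get the same treatment, e.g. `<a href="mailto:<?= Strings::htmlentities($newsComment->getEmail()) ?>">`. The hunk also silently corrects `$faqComment` to `$newsComment` on the date and news-link lines, which the commit message ("added missing conversion to HTML entities") does not mention; that second fix deserves a sentence in the message so reviewers and changelog readers know the template was previously referencing the wrong object.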

Related news

GHSA-3j93-7rf7-p7m6: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS)

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input. This has been fixed in 3.1.12.
