Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-3073: sec(Documents) sanitize and limit folder name and description · tsolucio/corebos@e87f77c

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.

CVE
Open in Source
#xss#vulnerability#git#php

Skip to content

Sign up

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

Explore

*   All features
*   Documentation
*   GitHub Skills
*   Blog

  • For

    • Enterprise
    • Teams
    • Startups
    • Education

    By Solution

    • CI/CD & Automation
    • DevOps
    • DevSecOps

    Case Studies

    • Customer Stories
    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

Repositories

*   Topics
*   Trending
*   Collections

  • Pricing

  • In this repository All GitHub

  • No suggested jump to results

  • In this repository All GitHub

  • In this organization All GitHub

  • In this repository All GitHub

Sign in

Sign up

tsolucio / corebos Public

  • Notifications
  • Fork 142
  • Star 131
  • Code
  • Issues 102
  • Pull requests 2
  • Actions
  • Security
  • Insights

More

Commit

Permalink

Browse files

Browse the repository at this point in the history

sec(Documents) sanitize and limit folder name and description

  • Loading branch information

joebordes committed

Jun 2, 2023

1 parent 5e87fbc commit e87f77c

Showing 1 changed file with 2 additions and 2 deletions.

4 changes: 2 additions & 2 deletions modules/Documents/SaveFolder.php

Show comments View file

Expand Up

@@ -15,8 +15,8 @@

$local_log = LoggerManager::getLogger(‘index’);

$folderid = isset($_REQUEST[‘record’]) ? vtlib_purify($_REQUEST[‘record’]) : '’;

$foldername = utf8RawUrlDecode($_REQUEST[‘foldername’]);

$folderdesc = utf8RawUrlDecode($_REQUEST[‘folderdesc’]);

$foldername = substr(vtlib_purify(trim(utf8RawUrlDecode($_REQUEST[‘foldername’]))), 0, 20);

$folderdesc = substr(vtlib_purify(trim(utf8RawUrlDecode($_REQUEST[‘folderdesc’]))), 0, 50);

if (isset($_REQUEST[‘savemode’]) && $_REQUEST[‘savemode’] == ‘Save’) {

if ($folderid == ‘’) {

Expand Down

0 comments on commit e87f77c

Please sign in to comment.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE