CVE-2023-2103: Escape the legal settings, service and category name in the booking page · alextselegidis/easyappointments@46a8653

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

@@ -1,7 +1,7 @@

<?php

/**

* Local variables.

*

*

* @var array $available_services

*/

?>

@@ -66,11 +66,11 @@

if (count($group) > 0)

{

echo ‘<optgroup label="’ . $group_label . '">’;

echo ‘<optgroup label="’ . e($group_label) . '">’;

foreach ($group as $service)

{

echo ‘<option value="’ . $service[‘id’] . ‘">’

. $service[‘name’] . '</option>’;

. e($service[‘name’]) . '</option>’;

}

echo '</optgroup>’;

}
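
Review bot: In the optgroup line, e($group_label) is written inside a double-quoted label attribute, so the fix only holds if e() encodes quote characters as well as angle brackets, and the helper's definition is not part of this diff. Please confirm that e() wraps htmlspecialchars() with ENT_QUOTES (or at minimum encodes the double quote) and add a short comment or test covering a category name that contains a double quote, since the same helper is also relied on for the option text.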

@@ -80,7 +80,7 @@

{

foreach ($available_services as $service)

{

echo ‘<option value="’ . $service[‘id’] . ‘">’ . $service[‘name’] . '</option>’;

echo ‘<option value="’ . $service[‘id’] . ‘">’ . e($service[‘name’]) . '</option>’;

}

}

?>
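
Review bot: $service['id'] is still concatenated raw into value="..." in this loop and in the grouped loop above, while only the name goes through e(). If the id is always an integer primary key this is harmless, but that guarantee is not visible in these lines; casting it with (int) or passing it through e() as well would make both option lines safe no matter how $available_services is populated.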
