CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

@@ -156,9 +156,10 @@ private function updatePerms($vars, &$errors=array()) {

}

  

function update($vars, &$errors) {

if (!$vars\['name'\])

$name = Format::sanitize($vars\['name'\]);

if (!$name)

$errors\['name'\] = \_\_('Name required');

elseif (($r\=Role::lookup(array('name'\=>$vars\['name'\])))

elseif (($r\=Role::lookup(array('name'\=>$name)))

&& $r\->getId() != $vars\['id'\])

$errors\['name'\] = \_\_('Name already in use');

elseif (!$vars\['perms'\] || !count($vars\['perms'\]))

@@ -167,8 +168,8 @@ function update($vars, &$errors) {

if ($errors)

return false;

  

$this\->name = $vars\['name'\];

$this\->notes = $vars\['notes'\];

$this\->name = $name;

$this\->notes = Format::sanitize($vars\['notes'\]);

  

$this\->updatePerms($vars\['perms'\], $errors);

Headline

CVE-2023-1319: xss: Roles · osTicket/osTicket@9fb01bc

CVE: Latest News