CVE-2022-1290: chore(security): fix issue where html was allowed in some input fields · polonel/trudesk@4f48b3b

Stored XSS in the "Name", "Group Name" and "Title" fields in the GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser, which can lead to session hijacking, sensitive data exposure, and worse.

chore(security): fix issue where html was allowed in some input fields

Showing with 42 additions and 19 deletions.

  1. +11 −1 src/helpers/utils/index.js
  2. +2 −1 src/models/attachment.js
  3. +3 −2 src/models/department.js
  4. +2 −1 src/models/group.js
  5. +3 −1 src/models/notice.js
  6. +3 −2 src/models/role.js
  7. +3 −2 src/models/tag.js
  8. +3 −2 src/models/team.js
  9. +2 −1 src/models/ticket.js
  10. +2 −1 src/models/ticketpriority.js
  11. +2 −1 src/models/tickettype.js
  12. +6 −4 src/models/user.js
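
The file list points to one shared helper plus a small change in each model, so the sketch below shows that pattern: a text sanitizer attached as a field setter, so every write path stores inert text. It is an added example, not code from the trudesk commit; `sanitizeFieldText`, `defineModel`, the field names and the sample inputs are all hypothetical.

```javascript
// Added illustration; every name below is hypothetical, not trudesk's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every HTML-significant character so a stored value can only
// render as text, whichever template later prints it.
function sanitizeFieldText(value) {
  if (value === null || value === undefined) return value; // leave unset fields unset
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]).trim();
}

// Minimal stand-in for a model layer: a field may declare a setter that
// runs on every write, so no controller or API route can bypass it.
function defineModel(fields) {
  return function create(input) {
    const doc = {};
    for (const [key, spec] of Object.entries(fields)) {
      const raw = input[key];
      doc[key] = spec.set ? spec.set(raw) : raw;
    }
    return doc;
  };
}

// The three field kinds the advisory names: a name, a group name, a title.
const createUser = defineModel({ fullname: { set: sanitizeFieldText } });
const createGroup = defineModel({ name: { set: sanitizeFieldText } });
const createTicket = defineModel({ subject: { set: sanitizeFieldText }, priority: {} });

// Constructed sample input: markup submitted where plain text is expected.
const SAMPLE = '<img src=x onerror="alert(1)"> Support';

function demo() {
  return {
    user: createUser({ fullname: SAMPLE }),
    group: createGroup({ name: 'Ops & "Infra"' }),
    ticket: createTicket({ subject: ' <b>Printer</b> down ', priority: 2 }),
  };
}

console.log(demo());
```

Encoding at write time is a second layer behind output encoding in the templates. If the rendering layer escapes as well, stored entities display literally (`&amp;` instead of `&`), so decide which layer owns the encoding.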
