CVE-2023-1761: fix: strip tags in comments · thorsten/phpMyFAQ@128ef85

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

Type: CVE · Tags: #vulnerability #git #php


fix: strip tags in comments

thorsten committed

Feb 14, 2023

1 parent ae6c1d8 commit 128ef85

Showing 2 changed files with 2 additions and 2 deletions.

  • phpmyfaq/ajaxservice.php
  • phpmyfaq/src/phpMyFAQ/Comments.php

2 phpmyfaq/ajaxservice.php

@@ -200,7 +200,7 @@

->setType($type)

->setUsername($username)

->setEmail($mailer)

->setComment(nl2br($comment))

->setComment(nl2br(strip_tags($comment)))

->setDate($_SERVER[‘REQUEST_TIME’]);

if ($oComment->addComment($commentEntity)) {
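Review bot: strip_tags() on the input side (the changed setComment line) removes tag markup but does not encode what is left, so characters such as `<`, `>` and `&` that survive the filter still need entity encoding wherever the stored comment is later rendered; treat this line as defence in depth rather than as the output control. The call order nl2br(strip_tags($comment)) is the right one, since stripping first means the `<br />` elements that nl2br inserts are not removed again.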

2 phpmyfaq/src/phpMyFAQ/Comments.php

@@ -83,7 +83,7 @@ public function getComments(int $id, string $type): string

$output .= sprintf(

'<strong><a href="mailto:%s">%s</a></strong>’,

$mail->safeEmail($item->getEmail()),

$item->getUsername()

Strings::htmlentities($item->getUsername())

);

$output .= sprintf(' <span class="text-muted">(%s)</span>’, $date->format($item->getDate()));

$output .= ' </div>’;
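Review bot: Strings::htmlentities() now wraps the username inside the sprintf, but the other values in this hunk are not visibly encoded: the email address passes through $mail->safeEmail(), whose escaping is not shown here, and the comment body itself is rendered outside these lines. Because the companion change in ajaxservice.php only filters comments at submission time, comments stored before this commit never went through strip_tags, so confirm that getComments() also entity-encodes the comment text on output, not only the username.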

Related news

GHSA-6cpg-gqgq-2rrr: phpMyFAQ Code Injection vulnerability

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
