
CVE-2023-1760: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@56295b5

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.


@@ -17,6 +17,7 @@

namespace phpMyFAQ\Helper;

use phpMyFAQ\Strings;

use phpMyFAQ\User;

/**

@@ -58,7 +59,7 @@ public function getAllUserOptions(int $id = 1, bool $allowBlockedUsers = false):

'<option value="%d" %s>%s (%s)</option>’,

$userId,

(($userId === $id) ? ‘selected’ : ‘’),

$this->user->getUserData(‘display_name’),

Strings::htmlentities($this->user->getUserData(‘display_name’)),

$this->user->getLogin()

);

}
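
Review bot: the escaping is applied only to display_name in the sprintf arguments, while $this->user->getLogin() on the following line is still passed raw into the same '<option value="%d" %s>%s (%s)</option>' template. Unless login names are restricted to a safe character set when accounts are created (not visible in this diff), wrap it as Strings::htmlentities($this->user->getLogin()) as well. A test that renders getAllUserOptions() for a user whose display_name contains markup characters would keep the encoding from regressing.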

Related news

GHSA-7q9c-f2v8-j8gw: phpMyFAQ Stored Cross-site Scripting vulnerability

