CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.

@@ -10,10 +10,17 @@

$active\_nav = 'templates';

include\_once ADMIN\_VIEWS\_DIR . DS . 'header.php';

  

$templates = look\_for\_templates();

$valid\_templates = array\_map(function($t) { return $t\['location'\]; }, $templates);

  

/\*\*

\* Changing the client's template

\*/

if (isset($\_GET\['activate\_template'\])) {

if (!in\_array($\_GET\['activate\_template'\], $valid\_templates)) {

exit\_with\_error\_code(403);

}

  

$save = save\_option('selected\_clients\_template', $\_GET\['activate\_template'\]);

  

global $flash;

@@ -28,8 +35,6 @@

  

ps\_redirect(BASE\_URI . 'templates.php');

}

  

$templates = look\_for\_templates();

?>

<div class\="row"\>

<div class\="col-12 col-sm-12 col-lg-12"\>

Headline

CVE-2023-0607: Fix XSS when changing template · projectsend/projectsend@698be4a

CVE: Latest News