CVE-2023-4007: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@40eb968

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

Expand Up @@ -315,11 +315,11 @@ public function toHtmlAnchor(): string }
if (!empty($this->tooltip)) { $htmlAnchor .= sprintf(' title="%s"’, addslashes($this->tooltip)); $htmlAnchor .= sprintf(' title="%s"’, Strings::htmlentities($this->tooltip)); }
if (!empty($this->name)) { $htmlAnchor .= sprintf(' name="%s"’, $this->name); $htmlAnchor .= sprintf(' name="%s"’, Strings::htmlentities($this->name)); } else { if (!empty($this->url)) { $htmlAnchor .= sprintf(' href="%s"’, $url); Expand All @@ -333,10 +333,10 @@ public function toHtmlAnchor(): string } $htmlAnchor .= '>’; if ((‘0’ == $this->text) || (!empty($this->text))) { $htmlAnchor .= $this->text; $htmlAnchor .= Strings::htmlentities($this->text); } else { if (!empty($this->name)) { $htmlAnchor .= $this->name; $htmlAnchor .= Strings::htmlentities($this->name); } else { $htmlAnchor .= $url; } Expand Down
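Review bot: in the first hunk (toHtmlAnchor(), around line 315), the href attribute is still written as sprintf(' href="%s"', $url) with no encoding, while the title and name attributes beside it now go through Strings::htmlentities(). Unless $url is already encoded earlier in the method (not visible in this hunk), a double quote in it closes the attribute in the same way the tooltip could. Suggest encoding $url here as well, and confirming that Strings::htmlentities() encodes double quotes, since all three values are placed inside double-quoted attributes. addslashes() only prefixes a backslash, which HTML does not treat as an escape, so the old title line never protected the attribute.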
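Review bot: in the second hunk (around line 333), the last else branch still appends $url to the element body raw ($htmlAnchor .= $url;), so the link text is only encoded when text or name is set. Suggest passing $url through Strings::htmlentities() there too, or documenting where it is encoded before this point. It is also worth checking callers that set text to markup on purpose, because after this change it is rendered as literal text; a regression test with a tooltip, name and text containing < and " would pin the intended output.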

Related news

GHSA-q9vm-29ph-p7mp: phpMyFAQ Stored Cross-site Scripting vulnerability
