Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-g47h-fgcw-g4ph: Algernon engine and themes vulnerable to Cross-site Scripting

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found.

ghsa
Open in Source
#xss#vulnerability#git

Algernon engine and themes vulnerable to Cross-site Scripting

Moderate severity GitHub Reviewed Published May 31, 2023 to the GitHub Advisory Database • Updated Jun 6, 2023

Related news

CVE-2023-26131

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found.

ghsa: Latest News

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability
ghsa