GHSA-mqf3-qpc3-g26q: Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message

GHSA-ff6q-3c9c-6cf5: Silverstripe Framework has a XSS in form messages

GHSA-7cmp-cgg8-4c82: Silverstripe Framework has a XSS via insert media remote file oembed

GHSA-m9c9-mc2h-9wjw: Lodestar snappy checksum issue

GHSA-53rv-hcvm-rpp9: Lodestar snappy decompression issue

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.

**Economizzer user enumeration vulnerability**

Moderate severity GitHub Reviewed Published Sep 28, 2023 to the GitHub Advisory Database • Updated Sep 28, 2023

Headline

GHSA-h3qf-v68r-35jg: Economizzer user enumeration vulnerability

ghsa: Latest News