GHSA-p85q-mww9-gwqf: Citizen Short Description stored XSS vulnerability through wikitext

GHSA-prmv-7r8c-794g: Citizen vulnerable to Stored XSS through short descriptions

GHSA-67rr-84xm-4c7r: Next.JS vulnerability can lead to DoS via cache poisoning 

GHSA-r2fc-ccr8-96c4: Next.js has a Cache poisoning vulnerability due to omission of the Vary header

GHSA-rq6g-6g94-jfr4: starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions

### Impact
The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. 

The impact is limited because v6 does not use session cookies

### Patches
No

### Workarounds
No

**vantage6's CORS settings overly permissive**

Moderate severity GitHub Reviewed Published Mar 14, 2024 in vantage6/vantage6 • Updated Mar 15, 2024

Headline

GHSA-4946-85pr-fvxh: vantage6's CORS settings overly permissive

Impact

Patches

Workarounds

ghsa: Latest News