GHSA-c7xm-rwqj-pgcj: LimeSurvey Cross Site Scripting vulnerability

GHSA-74q2-6jp4-3rqq: Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name

GHSA-632q-77qj-c89q: LimeSurvey Cross Site Scripting vulnerability

GHSA-6hwr-6v2f-3m88: XXE in PHPSpreadsheet's XLSX reader

GHSA-r8w8-74ww-j4wh: PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks

## Withdrawn

This advisory has been withdrawn as a duplicate of [GHSA-jgh8-vchw-q3g7](https://github.com/advisories/GHSA-jgh8-vchw-q3g7).

## Original Description

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-rw83-v3pw-m362

**Withdrawn: safeurl-python contains Server-Side Request Forgery**

Low severity GitHub Reviewed Published Jan 30, 2023 to the GitHub Advisory Database • Updated Feb 1, 2023

Withdrawn This advisory was withdrawn on Feb 1, 2023

**Package**

pip safeurl-python (pip)

Published to the GitHub Advisory Database

Jan 30, 2023

Published by the National Vulnerability Database

Jan 30, 2023

Headline

GHSA-rw83-v3pw-m362: Withdrawn: safeurl-python contains Server-Side Request Forgery

Withdrawn

Original Description

ghsa: Latest News