GHSA-gx9m-whjm-85jf: DOMpurify has a nesting-based mXSS

GHSA-j2hr-q93x-gxvh: SSOReady has an XML Signature Bypass via differential XML parsing

GHSA-26jh-r8g2-6fpr: Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

GHSA-gvv6-33j7-884g: Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

GHSA-279j-x4gx-hfrh: Gradio uses insecure communication between the FRP client and server

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.

**Cross-site Scripting in Jfinal CMS**

Moderate severity GitHub Reviewed Published Jun 24, 2022 • Updated Jun 25, 2022

Headline

GHSA-9pvq-4cc7-24jg: Cross-site Scripting in Jfinal CMS

Related news

ghsa: Latest News