GHSA-f27p-cmv8-xhm6: fetch: Authorization headers not dropped when redirecting cross-origin

GHSA-2p95-8xvm-2pjx: REDAXO CMS Cross-site Scripting vulnerability

GHSA-m78c-qx99-mvw9: Grav Cross-site Scripting vulnerability

GHSA-237r-r8m4-4q88: Guzzle OAuth Subscriber has insufficient nonce entropy

GHSA-v6jv-p6r8-j78w: NiceGUI On Air authentication issue

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

**Dolibarr vulnerable to remote code execution via uppercase manipulation**

Moderate severity GitHub Reviewed Published May 29, 2023 to the GitHub Advisory Database • Updated May 30, 2023

Headline

GHSA-9wqr-5jp4-mjmh: Dolibarr vulnerable to remote code execution via uppercase manipulation

Related news

ghsa: Latest News