Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-pr4w-m4rp-gp87: PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding

A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the “/pmcadmin/configure.php” parameter.

ghsa
Open in Source
#xss#vulnerability#memcached#git#java#php

PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding

Moderate severity GitHub Reviewed Published Nov 30, 2023 to the GitHub Advisory Database • Updated Dec 6, 2023

Related news

CVE-2023-6026: Multiple vulnerabilities in PHPMemcachedAdmin

A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input.

ghsa: Latest News

GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
ghsa