GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences.

Access to the file system of the server - either directly or through synchronization - is required to exploit the vulnerability.

**TYPO3 Cross-Site Scripting in Filelist Module**

Moderate severity GitHub Reviewed Published Jun 7, 2024 to the GitHub Advisory Database • Updated Jun 7, 2024

Headline

GHSA-g7hw-jh4p-75wr: TYPO3 Cross-Site Scripting in Filelist Module

ghsa: Latest News