GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation.

**Comcrete CMS Stored Cross-site Scripting vulnerability**

Low severity GitHub Reviewed Published Aug 12, 2024 to the GitHub Advisory Database • Updated Aug 19, 2024

Headline

GHSA-q5wx-m95r-4cgc: Comcrete CMS Stored Cross-site Scripting vulnerability

ghsa: Latest News