GHSA-7m27-7ghc-44w9: Next.js Allows a Denial of Service (DoS) with Server Actions

GHSA-q9jv-mm3r-j47r: PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters

GHSA-hwcp-2h35-p66w: PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header

GHSA-wv23-996v-q229: PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties

GHSA-j2xg-cjcx-4677: PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

**Moodle vulnerable to Cross-site Scripting**

Moderate severity GitHub Reviewed Published Jun 22, 2023 to the GitHub Advisory Database • Updated Jun 27, 2023

Headline

GHSA-fwfj-8p36-rc64: Moodle vulnerable to Cross-site Scripting

Related news

ghsa: Latest News