GHSA-74q2-6jp4-3rqq: Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name

GHSA-632q-77qj-c89q: LimeSurvey Cross Site Scripting vulnerability

GHSA-c7xm-rwqj-pgcj: LimeSurvey Cross Site Scripting vulnerability

GHSA-6hwr-6v2f-3m88: XXE in PHPSpreadsheet's XLSX reader

GHSA-r8w8-74ww-j4wh: PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks

Vditor 3.10.3 allows XSS via an attribute of an `A` element.

NOTE: the vendor indicates that a user is supposed to mitigate this via `sanitize=true`.

**Vditor allows Cross-site Scripting via an attribute of an \`A\` element**

Moderate severity GitHub Reviewed Published May 3, 2024 to the GitHub Advisory Database • Updated May 3, 2024

Headline

GHSA-m5jf-8crm-r65m: Vditor allows Cross-site Scripting via an attribute of an `A` element

ghsa: Latest News