GHSA-r7rh-jww5-5fjr: Pomerium service account access token may grant unintended access to databroker API

GHSA-mrw8-5368-phm3: Contao allows admin an account to upload SVG file containing malicious JavaScript

GHSA-hxpp-g76m-qhvg: October allows an admin account to upload PDF containing malicious JavaScript

GHSA-3636-hx62-pv26: Zenario allows authenticated admin users to upload PDF files containing malicious code

GHSA-2cc5-429x-p387: Zenario Cross Site Scripting in the Image library

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

**phpMyFAQ allows unrestricted file types in image field**

Moderate severity GitHub Reviewed Published Sep 30, 2023 to the GitHub Advisory Database • Updated Oct 2, 2023

Headline

GHSA-qcjg-hvg6-hxcp: phpMyFAQ allows unrestricted file types in image field

Related news

ghsa: Latest News