Security
Headlines

Headlines Latest CVEs

Headline

GHSA-82h9-v8vh-mfpq: Browsershot vulnerable to Cross-Site Scripting (XSS)

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL’s that use the file:// protocol.

2 years ago

Browsershot vulnerable to Cross-Site Scripting (XSS)

Moderate severity GitHub Reviewed Published Nov 25, 2022 • Updated Nov 30, 2022

Related news

CVE-2022-43983: Browsershot 3.57.2 - Server Side XSS to LFR via HTML | Advisories | Fluid Attacks

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol.

2 years ago

#xss #vulnerability #linux #git

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

16 hours ago

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

17 hours ago

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

17 hours ago

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

19 hours ago

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

19 hours ago