GHSA-c7xm-rwqj-pgcj: LimeSurvey Cross Site Scripting vulnerability

GHSA-74q2-6jp4-3rqq: Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name

GHSA-632q-77qj-c89q: LimeSurvey Cross Site Scripting vulnerability

GHSA-6hwr-6v2f-3m88: XXE in PHPSpreadsheet's XLSX reader

GHSA-r8w8-74ww-j4wh: PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks

A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField.

This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields.

This has been resolved by ensuring that all dataobjects used as a data source have their content safely encoded.

**Silverstripe XSS in TreeDropdownField and TreeMultiSelectField**

Moderate severity GitHub Reviewed Published May 23, 2024 to the GitHub Advisory Database

Headline

GHSA-r32j-mr8p-hfp8: Silverstripe XSS in TreeDropdownField and TreeMultiSelectField

ghsa: Latest News