GHSA-2237-5r9w-vm8j: Connect-CMS information that is restricted to viewing is visible

GHSA-5rjc-jc28-cwgg: Connect-CMS Access control vulnerability

GHSA-432c-wxpg-m4q3: xml2rfc has file inclusion irregularities

GHSA-vj7w-3m8c-6vpx: SFTPGo has insufficient sanitization of user provided rsync command

GHSA-vr5f-php7-rg24: Pimcore Admin Classic Bundle allows user enumeration

#### Impact
A user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended.


**Possible injection of HTML into user invite mails**

Low severity GitHub Reviewed Published Dec 12, 2023 in umbraco/Umbraco-CMS • Updated Dec 13, 2023

Headline

GHSA-xxc6-35r7-796w: Possible injection of HTML into user invite mails

Impact

ghsa: Latest News