GHSA-62r2-gcxr-426x:  starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field

GHSA-7p89-p6hx-q4fw: basic-auth-connect's callback uses time unsafe string comparison

GHSA-h5q3-fjp4-2x7r: MantisBT vulnerable to information disclosure with user profiles

GHSA-5rfv-66g4-jr8h: RestrictedPython information leakage via `AttributeError.obj` and the `string` module

GHSA-g643-xq6w-r67c: Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

**Information Disclosure in TYPO3 CMS**

Moderate severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Headline

GHSA-g46h-v2cc-6c94: Information Disclosure in TYPO3 CMS

ghsa: Latest News