GHSA-pxqj-xrv5-qvjf: XML-RPC for PHP's debugger vulnerable to possible XSS attack


Moderate severity • GitHub Reviewed • Published Jan 11, 2023 in gggeek/phpxmlrpc • Updated Jan 11, 2023


Package

phpxmlrpc/phpxmlrpc (Composer)

Affected versions

< 4.9.2

Patched versions

4.9.2

Description

The bundled xml-rpc debugger is susceptible to XSS attacks.

Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low.

References

  • GHSA-pxqj-xrv5-qvjf
  • https://github.com/gggeek/phpxmlrpc/releases/tag/4.9.2

gggeek published the maintainer security advisory

Jan 11, 2023

Severity

Moderate

Weaknesses

CWE-79

CVE ID

No known CVE

GHSA ID

GHSA-pxqj-xrv5-qvjf

Source code

gggeek/phpxmlrpc
