Tag
#git
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk.
Unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php. The referrer URL used by MFA required additional sanitizing, rather than being used directly.
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
Additional sanitizing was required when opening the equation editor to prevent a stored Cross-site Scripting (XSS) risk when editing another user's equation.
Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.
There is a cross-site scripting (XSS) issue in wanEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.
This post will help users find out whether their Windows device has been added to the 911 S5 botnet by a malicious VPN application.
changedetection versions 0.45.20 and below suffer from a remote code execution vulnerability.