Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-5jwv-m8h3-69cg: phpMyFaq Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

ghsa
Open in Source
#xss#vulnerability#git#php
GHSA-qcjg-hvg6-hxcp: phpMyFAQ allows unrestricted file types in image field

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5316: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@332d2e4

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5318: huntr – Security Bounties for any GitHub repository

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

CVE-2023-5319: huntr – Security Bounties for any GitHub repository

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5320: fix: only URLs should be allowed · thorsten/phpMyFAQ@e923695

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5317: fix: allow only valid URLs for instances · thorsten/phpMyFAQ@ec551bd

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5227: feat: added check for valid image MIME types · thorsten/phpMyFAQ@abf5248

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

GHSA-7fh5-64p2-3v2j: PostCSS line return parsing error

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be `\r` discrepancies, as demonstrated by `@font-face{ font:(\r/*);}` in a rule.

CVE-2023-44270: postcss/lib/tokenize.js at main · postcss/postcss

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.