Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-7644-CXP8-H23R
HistoryNov 10, 2022 - 11:52 p.m.

ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname

2022-11-1023:52:31
GitHub Advisory Database
github.com
11
JSON

Critical severity. It is possible to inject JavaScript XSS in the content type entries “name” and “short name”. To exploit this, one must already have permission to edit content types, which limits it in many cases to people who are already administrators. However, please verify which users have this permission. The fix ensures any injections are escaped.

CPENameOperatorVersion
ibexa/admin-uilt4.2.3
JSON