GHSA-WH3W-JCC7-MHMF pretalx vulnerable to path traversal in HTML export

pretalx before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

GHSA-23FX-92M6-4F2G pretalx allows path traversal in HTML export

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

pretalx vulnerable to path traversal in HTML export

pretalx before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

pretalx allows path traversal in HTML export

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

CVE-2023-28459

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

CVE-2023-28458

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

CVE-2023-28459

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

CVE-2023-28458

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

Path traversal

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

PYSEC-2023-40

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

PYSEC-2023-41

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

PYSEC-2023-40

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

Path traversal

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

EUVD-2023-0205

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

PYSEC-2023-41

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

Stored Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Stored Cross-Site Scripting XSS.The vulnerability is due to a lack of sanitization when generating an HTML export...

PT-2023-21732 · Pretalx · Pretalx

Name of the Vulnerable Software and Affected Versions: pretalx versions 2.3.1 through 2.3.1 Description: The issue allows path traversal in HTML export, a non-default feature. Users can upload crafted HTML documents that trigger the reading of arbitrary files. Recommendations: For pretalx version...

CVE-2023-28458

CVE-2023-28458 affects Pretalx up to version 2.3.1, where path traversal in the HTML export feature can allow overwriting an arbitrary file with the standard 404 page content. The vulnerability is documented with multiple sources confirming a limited file-write condition that can lead to a broade...

CVE-2023-28458

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

CVE-2023-28459

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...