11 matches found
CVE-2025-48884
Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0...
CVE-2025-48076
Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...
CVE-2025-48884
Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0...
UBUNTU-CVE-2025-48076
Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...
CVE-2025-48884 Galette is vulnerable to XSS through Document Type
Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0...
CVE-2025-48884
Galette (open-source membership management app) is affected by a Cross-site Scripting (XSS) vulnerability in the Document Type feature for versions 1.1.5.2 and earlier. The root cause is described as a vulnerability in Document Type handling, with a fix introduced in version 1.2.0. Public reference...
CVE-2025-48076 Galette is vulnerable to Cross-site Scripting
Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...
PT-2025-45045
Name of the Vulnerable Software and Affected Versions: Galette versions 1.1.5.2 and below Description: Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below are susceptible to Cross-site Scripting through the Document Type functionality...
Galette security vulnerability
Galette is an open source membership management web application for non-profit organizations. A security vulnerability exists in Galette version 1.1.5.2 and earlier, which stems from a vulnerability that allows users to edit group names and insert XSS payloads, potentially leading to...
CVE-2023-0545
The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
PT-2023-16351 · WordPress · Hostel
Name of the Vulnerable Software and Affected Versions: Hostel WordPress plugin versions prior to 1.1.5.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, in a...