2 matches found
PT-2026-22306
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
PT-2020-13441 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.3 through 13.3.3 Description: The issue concerns an OAuth authorization scope change without user consent in the middle of the authorization flow. Recommendations: For GitLab CE/EE versions 13.3 through 13.3.3, update...