8 matches found
GHSA-45C6-75P6-83CC fast-xml-builder Comment Value regex can be bypassed
Summary: The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skips values containing three consecutive dashes, e.g., ---..., allowing an attacker to break out of an XML comment and inject...
EUVD-2008-4596
Malware in sbrugna...
CVE-2016-20002
The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
Drupal Security Vulnerabilities
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal REST/JSON project 7.x-1.x that allows comment access bypass...
CVE-2018-17077
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed...
CVE-2013-7196
PHPFox 3.7.3–3.7.5 contains a flaw in static/ajax.php that allows remote authenticated users to bypass the "Only Me" privacy setting and post a comment on private publications by manipulating the val[item_id] parameter. The root cause is insufficient access control in AJAX comment/like handling, ...
GuestBookPlus HTML Injection / Comment Bypass
In the name of ALLAH ! GuestBookPlus Script PHP HTML Injection Vuln. ...
phpShop 0.8.1 - SQL Injection Filter Bypass
Vendor: PHPShop Website: http://www.phpshop.org Version: v0.8.1 Author: the redc0ders / theredc0dersatgmaildotcom Condition: magic_quotes_gpc = off, in php.ini setting Details: Vulnerable Code in index.php near lines 98 - 128 code // basic...