4 matches found
CVE-2023-0300 Cross-site Scripting (XSS) - Reflected in alfio-event/alf.io
Cross-site Scripting XSS - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301...
CVE-2023-0300 Cross-site Scripting (XSS) - Reflected in alfio-event/alf.io
Cross-site Scripting XSS - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301...
CVE-2023-0300 Cross-site Scripting (XSS) - Reflected in alfio-event/alf.io
Cross-site Scripting XSS - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301...
CVE-2023-0300
CVE-2023-0300 is a reflected XSS in alf.io (alfio-event/alf.io) prior to version 2.0-M4-2301. The root cause is improper handling/encoding of user-controlled input in the Groups component, enabling HTML/script injection in responses. Impact is limited to browsers where the input is reflected, wit...