4 matches found
GHSA-788M-PJ96-7W2C Cross-Site Scripting in fomantic-ui
Versions of fomantic-ui are vulnerable to Cross-Site Scripting. Lack of output encoding on the selection dropdowns can lead to user input being executed instead of printed as text. Recommendation Upgrade to version 2.7.0 or later...
Cross-Site Scripting in fomantic-ui
Versions of fomantic-ui are vulnerable to Cross-Site Scripting. Lack of output encoding on the selection dropdowns can lead to user input being executed instead of printed as text. Recommendation Upgrade to version 2.7.0 or later...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.11.0: Never allow an empty password to validate 9682 9683 Prevent redirect to Host 9678 9679 Swagger hide search field 9554 Add "search" to reserved usernames 9063 Switch to fomantic-ui 9374 Only serve attachments when linked to issue/release and if accessible...
Cross-Site Scripting
Overview Versions of fomantic-ui are vulnerable to Cross-Site Scripting. Lack of output encoding on the selection dropdowns can lead to user input being executed instead of printed as text. Recommendation Upgrade to version 2.7.0 or later. References - GitHub Release - GitHub Advisory...