15 matches found
EUVD-2022-0630
Malicious code in bioql PyPI...
[SECURITY] Fedora 35 Update: php-laminas-form-2.17.1-1.fc35
The Laminas\Form is intended primarily as a bridge between your domain models and the View Layer. It composes a thin layer of objects representing form elements, an InputFilter, and a small number of methods for binding data to and from the form and attached objects. Documentation:...
[SECURITY] Fedora 34 Update: php-laminas-form-2.17.1-1.fc34
The Laminas\Form is intended primarily as a bridge between your domain models and the View Layer. It composes a thin layer of objects representing form elements, an InputFilter, and a small number of methods for binding data to and from the form and attached objects. Documentation:...
Fedora: Security Advisory for php-laminas-form (FEDORA-2022-a42e97d8e8)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for php-laminas-form (FEDORA-2022-c138fbb8e0)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Cross-site Scripting (XSS)
laminas/laminas-form is vulnerable to cross-site scripting (XSS) attacks. A remote unauthenticated attacker is able to inject and execute malicious JavaScript in the victim's browser through the unescaped submitted values when rendering validation error messages via the formElementErrors function...
GHSA-JQ4P-MQ33-W375 Cross-site Scripting when rendering error messages in laminas-form
Impact: When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in vulnerable versions of laminas-form, the value was not being escaped for HTML contexts, which can potentially lead to a...
CVE-2022-23598
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value wa...
Cross site scripting
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value wa...
CVE-2022-23598 Reflected XSS vulnerability when rendering error messages in laminas-form
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value wa...
CVE-2022-23598
laminas-form is vulnerable to reflected XSS when rendering validation error messages via formElementErrors() in versions prior to 3.1.1, because submitted values were not escaped in HTML contexts. The CVE description notes that 3.1.1 and newer include a patch. A workaround exists (code to escape ...
CVE-2022-23598 Reflected XSS vulnerability when rendering error messages in laminas-form
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value wa...
CVE-2022-23598 Reflected XSS vulnerability when rendering error messages in laminas-form
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value wa...
Reflected XSS vectors in laminas/laminas-form
The package laminas/laminas-form contains a laminas/laminas-view view helper for emitting form element, fieldset, and/or form validation errors, formElementError. Validation messages can contain the original input, potentially resulting in a Reflected XSS vulnerability. Affected versions...
laminas-form cross-site scripting vulnerability
laminas-form is an open source library, mainly used as a bridge between the domain model and the view layer. It consists of a thin object layer representing form elements, an InputFilter, and a handful of methods for binding data to the form and attaching objects. A security vulnerability exist...