2 matches found
GHSA-PQH6-8FXF-JX22 phpMyFAQ has stored XSS via | raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass in Search Result Rendering
Summary The search result rendering template search.twig outputs FAQ content fields result.question and result.answerPreview using Twig's | raw filter, which completely disables the template engine's built-in auto-escaping. A user with FAQ editor/contributor privileges can store a payload encoded...
Cross-site Scripting (XSS)
readthedocssphinxsearch is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user content in the search results rendering function. This potentially allowing an attacker to include arbitrary HTML content in these results and that can leads to XSS...