Cross site scripting
Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all...
PT-2024-14102 · GitHub · GitHub Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8.12 through 3.11.2
Description: The issue allows a malicious website to perform Cross-site Scripting in the tag name pattern field in the tag protections UI, requiring user interaction.
Recommendations: Fo...