PT-2024-35155
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2024.8.5. authentik versions 2024.8.5 and 2024.10.3 are not affected, but all versions prior to 2024.8.5 are vulnerable. However, the correct interpretation is that versions prior to 2024.8.5 are affected. Corrected...
Design/Logic Flaw
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...
PT-2021-23436 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.28. Description: The issue allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. Recommendations: For versions prior to 1.8.28, update to version 1.8....
Open-Xchange: XSS - Search - Unescaped contact job
The function responsible for formatting the contact's job company and position doesn't escape its value, which allows arbitrary HTML content to be injected. javascript // master/ui/apps/io.ox/contacts/common-extensions.js // develop/ui/apps/io.ox/contacts/listview.js bright: function baton var text =...