PT-2026-33243
Name of the Vulnerable Software and Affected Versions: Postiz versions prior to 2.21.6
Description: Postiz is an open-source social media management tool with over 28 platform integrations. The software contains a flaw that allows arbitrary file upload through MIME-type spoofing, which can lead to...
WordPress: antispambot does not always escape <, >, &, " and '
The antispambot function escapes some randomly selected characters from its first argument, for example: <, >, &, ", or '. These last five characters should always be escaped. There is a chance that this will print out unescaped: console.log"hello";'; Even though the chance of this happening is low,...