2 matches found
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
From HackerOne report 1948040 by Halit AKAYDIN (hltakydn). Impact: What kind of vulnerability is it? Who is impacted? The TinyMCE WYSIWYG editor fails to filter scripts when rendering the HTML in specially crafted HTML tags. Patches: Has the problem been patched? What versions should users upgrade to?...
CVE-2022-29183 Reflected XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...