Thephpleague Security Vulnerabilities

CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any Unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the.....

9.8 CVSS

8.2 AI Score

0.007 EPSS

2021-06-24 05:15 PM

CVE-2023-37260

league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...

8.2 CVSS

7.5 AI Score

0.001 EPSS

2023-07-06 04:15 PM

CVE-2018-20583

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-10-03 04:22 PM

CVE-2019-10010

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2019-03-24 06:29 PM