An open index of Dependabot pull requests across open source projects.

Security Advisories

Browse security advisories and track which Dependabot PRs address them.

Total Advisories: 24,785
With Dependabot PRs: 1,792
Critical Severity: 3,506
High Severity: 8,617

PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file
GHSA-j2xg-cjcx-4677 CVE-2024-56409 HIGH 11 months ago
# Unauthorized Reflected XSS in `Currency.php` file **Product**: Phpspreadsheet **Version**: version 3.6.0 **CWE-ID**: CWE-79: Improper Neutraliza...
packagist
No PRs yet
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file
GHSA-c6fv-7vh8-2rhr CVE-2024-56366 HIGH 11 months ago
# Unauthorized Reflected XSS in the `Accounting.php` file **Product**: Phpspreadsheet **Version**: version 3.6.0 **CWE-ID**: CWE-79: Improper Neut...
packagist
No PRs yet
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class
GHSA-jmpx-686v-c3wx CVE-2024-56365 HIGH 11 months ago
# Unauthorized Reflected XSS in the constructor of the `Downloader` class **Product**: Phpspreadsheet **Version**: version 3.6.0 **CWE-ID**: CWE-7...
packagist
No PRs yet
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file
GHSA-x88g-h956-m5xg CVE-2024-56408 HIGH 11 months ago
# Unauthorized Reflected XSS in `Convert-Online.php` file **Product**: Phpspreadsheet **Version**: version 3.6.0 **CWE-ID**: CWE-79: Improper Neutr...
packagist
No PRs yet
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
GHSA-ww33-jppq-qfrp CVE-2024-56199 MODERATE 11 months ago
### Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or Java...
packagist
No PRs yet
The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded
GHSA-j77f-79w9-rghc CVE-2024-11184 MODERATE 11 months ago
The wp-enable-svg WordPress plugin through 0.2 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing ...
packagist
No PRs yet
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
GHSA-ggwq-xc72-33r3 CVE-2024-56517 MODERATE 11 months ago
# Reflected XSS at /lgsl_files/lgsl_list.php **Description:** Vulnerability: A reflected XSS vulnerability exists in the `Referer` HTTP header o...
packagist
No PRs yet
TeamPass does not properly check whether a folder is in a user's allowed folders list
GHSA-2697-96mv-3gfm CVE-2024-50701 MODERATE 11 months ago
TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allo...
packagist
No PRs yet
TeamPass privileges issue
GHSA-9wmc-988h-2mv2 CVE-2024-50703 CRITICAL 11 months ago
TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.
packagist
No PRs yet
TeamPass mail_me operation authorization issue
GHSA-7rm3-4w6j-8xx4 CVE-2024-50702 MODERATE 11 months ago
TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.
packagist
No PRs yet
Dcat-Admin Cross-Site Scripting (XSS) vulnerability
GHSA-37x3-j9jq-vrjx CVE-2024-54775 MODERATE 11 months ago
Dcat-Admin v2.2.0-beta and v2.2.2-beta contain a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.
packagist
No PRs yet
Dcat Admin Cross-site Scripting (XSS) vulnerability
GHSA-9q34-7hfr-h8jm CVE-2024-54774 MODERATE 11 months ago
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.
packagist
No PRs yet
TCPDF missing character escape on error messages
GHSA-qx95-cwh6-9mvq CVE-2024-56527 MODERATE 11 months ago
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.
packagist
No PRs yet
TCPDF has incorrect comparison
GHSA-w95c-7994-ghpr CVE-2024-56522 HIGH 11 months ago
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to comp...
packagist
No PRs yet
TCPDF lacks SVG sanitization
GHSA-4p8j-vhjm-6pvw CVE-2024-56519 MODERATE 11 months ago
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
packagist
No PRs yet
tecnickcom/tc-lib-pdf-font mishandles fonts
GHSA-grhh-r4jj-8jh7 CVE-2024-56520 MODERATE 11 months ago
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for...
packagist
No PRs yet
TCPDF missing certificate validation
GHSA-9mgx-552f-59p6 CVE-2024-56521 HIGH 11 months ago
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.
packagist
No PRs yet
lgsl Stored Cross-Site Scripting vulnerability
GHSA-xx95-62h6-h7v3 CVE-2024-56361 HIGH 11 months ago
### Summary A stored cross-site scripting (XSS) vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Eve...
packagist
No PRs yet
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
GHSA-r87q-fj25-f8jf CVE-2024-56364 MODERATE 11 months ago
### Impact When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. ### Patches The supplied patch resolves...
packagist
No PRs yet
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
GHSA-3q97-vjpp-c8rp CVE-2024-56329 HIGH 11 months ago
## Description When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is...
packagist
No PRs yet
Browsershot Improper Input Validation vulnerability
GHSA-c9f5-29f6-c35w CVE-2024-21549 MODERATE 11 months ago
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setU...
packagist
No PRs yet
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
GHSA-2p6p-9rc9-62j9 CVE-2024-56145 CRITICAL 12 months ago
### Impact You are affected if your php.ini configuration has `register_argc_argv` enabled. ### Patches Update to 3.9.14, 4.13.2, or 5.5.2. ### W...
packagist
No PRs yet
UniSharp Laravel Filemanager Code Injection vulnerability
GHSA-6569-3785-r3v6 CVE-2024-21546 HIGH 12 months ago
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and ...
packagist
No PRs yet
Spatie Browsershot Directory Traversal vulnerability
GHSA-v528-6rq9-h6gw CVE-2024-21547 HIGH 12 months ago
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the fil...
packagist
No PRs yet
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
GHSA-m3r7-8gw7-qwvc CVE-2024-55889 MODERATE 12 months ago
### Summary A vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon p...
packagist
No PRs yet
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
GHSA-8vwh-pr89-4mw2 CVE-2024-55661 HIGH 12 months ago
A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public `remember()` method in the `Laravel\...
packagist
No PRs yet
Browsershot Local File Inclusion
GHSA-g2r4-phv7-5fgv CVE-2024-21544 MODERATE 12 months ago
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setU...
packagist
No PRs yet
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpleXLSX::toHTMLEx
GHSA-x6mh-rjwm-8ph7 CVE-2024-55878 MODERATE 12 months ago
### Impact When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. ### Patches The supplied patch resolves...
packagist
No PRs yet
Drupal core Access bypass
GHSA-7cwc-fjqm-8vh8 CVE-2024-55634 MODERATE 12 months ago
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be...
packagist
No PRs yet
Drupal core contains a potential PHP Object Injection vulnerability
GHSA-938f-5r4f-h65v CVE-2024-55636 LOW 12 months ago
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Arbitrary File Deletion....
packagist
No PRs yet
Drupal core contains a potential PHP Object Injection vulnerability
GHSA-w6rx-9g2x-mg5g CVE-2024-55637 HIGH 12 months ago
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It...
packagist
No PRs yet
Drupal core contains a potential PHP Object Injection vulnerability
GHSA-gvf2-2f4g-jqf4 CVE-2024-55638 HIGH 12 months ago
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It...
packagist
No PRs yet
Drupal Core Cross-Site Scripting (XSS)
GHSA-8mvq-8h2v-j9vf CVE-2024-12393 MODERATE 12 months ago
Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sa...
packagist
No PRs yet
league/commonmark's quadratic complexity bugs may lead to a denial of service
GHSA-c2pc-g5qf-rfrf HIGH 12 months ago
### Impact Several polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of servi...
packagist
145 Dependabot PRs, 29% merged
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
GHSA-xhw3-4j3m-hq53 CVE-2024-54149 HIGH 12 months ago
### Impact Affected versions of Winter CMS allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox plac...
packagist
No PRs yet
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
GHSA-vrjr-p3xp-xx2x CVE-2024-54141 HIGH 12 months ago
### Summary Exposure of database (i.e. PostgreSQL) server's credentials when connection to DB fails. ### Details Exposed database credentials upon mi...
packagist
No PRs yet
LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section
GHSA-6c5q-fg3g-qhhv CVE-2024-53457 MODERATE 12 months ago
A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitr...
packagist
No PRs yet
Drupal core vulnerable to improper error handling
GHSA-52jr-x6h6-xj6g CVE-2024-11942 MODERATE 12 months ago
Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different l...
packagist
No PRs yet
Drupal core Denial of Service
GHSA-xq54-x54m-vcpx CVE-2024-11941 HIGH 12 months ago
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial o...
packagist
No PRs yet
ibexa/post-install affected by Breach with Varnish VCL
GHSA-4h8f-c635-25p7 MODERATE 12 months ago
### Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable c...
packagist
No PRs yet
ibexa/http-cache affected by Breach with Varnish VCL
GHSA-fh7v-q458-7vmw MODERATE 12 months ago
### Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is ...
packagist
No PRs yet
ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL
GHSA-mgfg-7533-7jf6 MODERATE 12 months ago
### Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is ...
packagist
No PRs yet
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
GHSA-8w3p-gf85-qcch CVE-2024-53864 MODERATE 12 months ago
### Impact The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. ...
packagist
No PRs yet
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
GHSA-pxm4-r5ph-q2m2 CVE-2024-52806 MODERATE 12 months ago
Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://g...
packagist
No PRs yet
SimpleSAMLphp xml-common XXE vulnerability
GHSA-2x65-fpch-2fcm CVE-2024-52596 HIGH 12 months ago
Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://g...
packagist
No PRs yet
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
GHSA-mj5r-x73q-fjw6 CVE-2024-53860 HIGH about 1 year ago
### Impact Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include ...
packagist
No PRs yet
TCPDF Local File Inclusion vulnerability
GHSA-rmv2-8jjc-23xw CVE-2024-51058 MODERATE about 1 year ago
A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the ser...
packagist
No PRs yet
Moodle Lesson activity password bypass through PHP loose comparison
GHSA-xfv7-h2qg-rjm7 CVE-2024-45691 MODERATE about 1 year ago
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to...
packagist
No PRs yet
Moodle allows users to retrieve information they did not have permission to access
GHSA-j822-x5gg-5r56 CVE-2024-45689 MODERATE about 1 year ago
A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information th...
packagist
No PRs yet
Moodle IDOR when deleting OAuth2 linked accounts
GHSA-fhg2-r2h9-h7q8 CVE-2024-45690 MODERATE about 1 year ago
A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.
packagist
No PRs yet