CVE-2017-20167

A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability.

Source: CVE-2017-20167

CVE-2023-0300

Cross-site Scripting (XSS) – Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.

Source: CVE-2023-0300

CVE-2023-0301

Cross-site Scripting (XSS) – Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301.

Source: CVE-2023-0301

CVE-2023-0299

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.

Source: CVE-2023-0299

CVE-2022-2815

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

Source: CVE-2022-2815

CVE-2022-1812

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.

Source: CVE-2022-1812

CVE-2022-38467

Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver.

Source: CVE-2022-38467

CVE-2022-45353

Broken Access Control in Betheme theme <= 26.6.1 on WordPress.

Source: CVE-2022-45353

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`

Source: CVE-2023-22602

CVE-2023-0298

Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.

Source: CVE-2023-0298