Описание
Known v1.3.1 Cross-site Scripting
A cross-site scripting (XSS) vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.
The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev branch of the idno/known repository.
Пакеты
Наименование
idno/known
composer
Затронутые версииВерсия исправления
<= 1.3.1
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.