GHSA-pxqj-xrv5-qvjf

Опубликовано: 11 янв. 2023

Источник: github

Github: Прошло ревью

Описание

XML-RPC for PHP's debugger vulnerable to possible XSS attack

The bundled xml-rpc debugger is susceptible to XSS attacks.

Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low.

Ссылки

https://github.com/gggeek/phpxmlrpc/security/advisories/GHSA-pxqj-xrv5-qvjf
https://github.com/gggeek/phpxmlrpc/releases/tag/4.9.2

Пакеты

Наименование

phpxmlrpc/phpxmlrpc

composer

Затронутые версииВерсия исправления

< 4.9.2

4.9.2

Дефекты

CWE-79

Дефекты

CWE-79