[MEDIUM] CVE-2024-53277 - XSS in form messages

PKSA-gr7c-c3q7-zxkd CVE-2024-53277 GHSA-ff6q-3c9c-6cf5

Affected version: <5.3.8

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] CVE-2024-47605 - XSS via insert media remote file oembed

PKSA-spqx-5bk6-c9yk CVE-2024-47605 GHSA-7cmp-cgg8-4c82

Affected version: <5.3.8

Reported by:
GitHub, FriendsOfPHP/security-advisories

[LOW] SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message

PKSA-24rt-ffr7-cj1w GHSA-74j9-xhqr-6qv3

Affected version: <5.3.8

Reported by:
GitHub, FriendsOfPHP/security-advisories

[LOW] SS-2024-001 - TinyMCE allows svg files linked in object tags

PKSA-8tf6-2hv5-c6tq GHSA-mqf3-qpc3-g26q

Affected version: <5.2.16

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload

PKSA-jndv-7cgy-xwm3 CVE-2024-32981 GHSA-chx7-9x8h-r5mg

Affected version: <5.2.16

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] CVE-2023-48714 Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter

PKSA-vcdc-4796-kn58 CVE-2023-48714 GHSA-qm2j-qvq3-j29v

Affected version: >=3.0.0,<4.0.0|>=4.0.0,<4.13.39|>=5.0.0,<5.1.11

Reported by:
GitHub, FriendsOfPHP/security-advisories

[LOW] CVE-2023-32302 - Members with no password can be created and bypass custom login forms

PKSA-2t2m-vnwy-55q7 CVE-2023-32302 GHSA-36xx-7vf6-7mv3

Affected version: >=3.0.0,<4.13.14|>=5.0.0,<5.0.13

Reported by:
GitHub, FriendsOfPHP/security-advisories