[HIGH] Directory traversal vulnerability in the file manager

PKSA-3m2g-ygwq-rxnz CVE-2023-29200 GHSA-fp7q-xhhw-6rj3

Affected version: >=4.9.0,<4.9.40|>=4.13.0,<4.13.21|>=5.1.0,<5.1.4

Reported by:
FriendsOfPHP/security-advisories, GitHub

[HIGH] Privilege escalation with the form generator

PKSA-vfyp-1pdz-qxfn CVE-2021-37627 GHSA-hq5m-mqmx-fw6m

Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] PHP file inclusion via insert tags

PKSA-33hj-wh6g-5wzq CVE-2021-37626 GHSA-r6mv-ppjc-4hgr

Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] Cross site scripting via HTML attributes in the back end

PKSA-rc7z-49pc-5drp CVE-2021-35955 GHSA-hr3h-x6gq-rqcp

Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] Cross-site scripting (XSS) vulnerability in the system log

PKSA-vwzw-wjqk-61c9 CVE-2021-35210 GHSA-h58v-c6rf-g9f7

Affected version: >=4.5.0,<4.9.16|>=4.10.0,<4.11.0|>=4.11.0,<4.11.5

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] Insert tag injection in front end forms

PKSA-1cjk-ccfw-jwsc CVE-2020-25768 GHSA-f7wm-x4gw-6m23

Affected version: >=4.0.0,<4.4.52|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.6|>=4.10.0,<4.10.1

Reported by:
FriendsOfPHP/security-advisories, GitHub