Cross site scripting via input unit widget

CVE-2023-36806

Affected version: >=5.0.0,<5.1.10|>=4.10.0,<4.13.28|>=4.0.0,<4.9.42

Reported by:
GitHub

Directory traversal vulnerability in the file manager

CVE-2023-29200

Affected version: >=4.9.0,<4.9.40|>=4.13.0,<4.13.21|>=5.1.0,<5.1.4

Reported by:
FriendsOfPHP/security-advisories

Cross site scripting via canonical URL

CVE-2022-24899

Affected version: >=4.13.0,<4.13.3

Reported by:
FriendsOfPHP/security-advisories, GitHub