ibexa/admin-ui Security Advisories (4)
-
[MEDIUM] Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
PKSA-t2fv-4pjc-5rpc CVE-2024-53864 GHSA-8w3p-gf85-qcch
Affected version: >=4.6.0,<4.6.14
Reported by:
GitHub -
[MEDIUM] Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
PKSA-k3xd-28dp-hq98 CVE-2024-39318 GHSA-qm44-wjm2-pr59
Affected version: >=4.6.0-beta1,<4.6.9
Reported by:
GitHub -
[CRITICAL] Ibexa DXP users with the Company admin role can assign any role to any user
PKSA-thcc-msg1-sncj GHSA-g6jc-xrc3-4wwq
Affected version: >=4.2.0,<4.2.3
Reported by:
GitHub -
[CRITICAL] ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
PKSA-j8qt-2p1x-j567 GHSA-7644-cxp8-h23r
Affected version: >=4.2.0,<4.2.3
Reported by:
GitHub