[MEDIUM] CVE-2023-49783 No permission checks for editing or deleting records with CSV import form

PKSA-ms6r-5yrz-36rx CVE-2023-49783 GHSA-j3m6-gvm8-mhvw

Affected version: >=1.0.0,<1.13.19|>=2.0.0,<2.1.8

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited form TinyMCE

PKSA-dfr9-j5tz-nqsk GHSA-jxcx-3h54-qqxx

Affected version: >=1.0.0,<1.13.6

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] SS-2023-001 - XSS vulnerability in underlying TinyMCE library

PKSA-y8bg-mk3d-wx3s GHSA-4q66-g4mm-8rg5

Affected version: >=1.0.0,<1.12.7

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] CVE-2022-38146 - URL XSS vulnerability due to outdated jquery in CMS

PKSA-cft2-kzgn-t4w3 CVE-2022-38146 GHSA-44xv-v98g-v79f

Affected version: >=1.0.0,<1.11.3

Reported by:
GitHub, FriendsOfPHP/security-advisories