GHSA-95m2-chm4-mq7m: PHP-Textile has persistent XSS vulnerability in image link handling

January 7, 2025

The attacker can perform any operation in the application with user’s privileges or remotely control user’s browser with automated tools.

References

github.com/advisories/GHSA-95m2-chm4-mq7m
github.com/textile/php-textile
github.com/textile/php-textile/commit/ab18ae9703bee8b15f1b9d889d40e1881728bae6
github.com/textile/php-textile/security/advisories/GHSA-95m2-chm4-mq7m

Code Behaviors & Features

Detect and mitigate GHSA-95m2-chm4-mq7m with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →