CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-com-chatwoot-chatwoot prior to 2.2.0.

**Title**

Stored XSS in `custom_attributes`

**Description**

Relying on frontend URI check without verifying it on the backend allows to inject arbitrary JS code.

**Steps to reproduce**

1.  1\. Create a custom attribute, set its type to `Link`
2.  2\. Navigate to any conversation, click on the right sidebar.
3.  3\. Add a custom attribute, set its value to any valid URI.
4.  4\. While intercepting traffic save a new value, observe an outcoming request to `/api/v1/accounts/2/conversations/1/custom_attributes`
5.  5\. In `POST` request's body use something like:

    {
      "custom_attributes":{
          "{yourAttributesName}":"javascript:alert(document.domain)"
      }
    }
    

6.  6\. Click on the link, trigger an XSS.

`Note: it works in Safari and Firefox, not Chrome`

**Proof of Concept**

Video PoC

**Impact**

This vulnerability is capable of running arbitrary JS code.

Headline

CVE-2022-0526: Cross-site Scripting (XSS) - Stored in chatwoot

CVE: Latest News