Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-4655: Fix file field xss · instantsoft/icms2@a6a30e7

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

Expand Up

@@ -285,15 +285,16 @@ private function uploadPackage(){

  

files\_clear\_directory(cmsConfig::get('upload\_path') . $this\->installer\_upload\_path);

  

$result = $this\->cms\_uploader\->upload($this\->upload\_name, $this\->upload\_exts, 0, $this\->installer\_upload\_path);

$result = $this\->cms\_uploader\->setAllowedMime(\[

'application/zip'

\])->upload($this\->upload\_name, $this\->upload\_exts, 0, $this\->installer\_upload\_path);

  

if (!$result\['success'\]){

cmsUser::addSessionMessage($result\['error'\], 'error');

return false;

}

  

return $result\['name'\];

  

}

  

}

CVE-2023-4652: Fixed upload XSS with wrong extension · instantsoft/icms2@7a7e57e

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a
 allows remote unauthenticated users to bypass web authentication and 
authorization.



CVE-2023-31424 - Web authentication and authorization bypass

**Brocade Security Advisory ID**

**BSA-2023-2364**

**Component**

**WebGUI**

**Summary**

Brocade SANnav web interface before Brocade SANnav v2.3.0 and v2.2.2a allow remote unauthenticated users to bypass web authentication and authorization.

**Products Affected**

Brocade SANnav before Brocade SANnav v2.3.0 and v2.2.2a

**Solution**

Security update provided in Brocade SANnav v2.3.0 and Brocade SANnav v2.2.2a

**Credit**

This issue was discovered during internal penetration testing.

**Revision History**

**Version**

**Change**

**Date**

1.0

Initial Publication  

August 29, 2023

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

CVE-2023-31424: Support Content Notification - Support Portal - Broadcom support portal

Possible
 information exposure through log file vulnerability where sensitive 
fields are recorded in the configuration log without masking on Brocade 
SANnav before v2.3.0 and 2.2.2a. Notes:
 To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" 
outputs.



CVE-2023-31423 - Possible information exposure through log file vulnerability

**Brocade Security Advisory ID**

**BSA-2023-2365**

**Component**

**Brocade Suportsave**

**Summary**

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a.

Notes: To access the logs, the attacker must first collect a "supportsave" on Brocade SANnav or have access to an already collected "supportsave" outputs

**Products Affected**

Brocade SANnav before v2.3.0 and 2.2.2a

**Solution**

Security update provided in Brocade SANnav v2.3.0 and Brocade SANnav v2.2.2a.

**Credit**

The issue was found during internal penetration testing

**Revision History**

**Version**

**Change**

**Date**

1.0

Initial Publication

August 29, 2023

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

CVE-2023-31423: Support Content Notification - Support Portal - Broadcom support portal

Brocade
 SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords
 in plaintext. A privileged user could retrieve these credentials with 
knowledge and access to these log files. SNMP 
credentials could be seen in SANnav SupportSave if the capture is 
performed after an SNMP configuration failure causes an SNMP 
communication log dump.




CVE-2023-31925 - Storage of clear text password in Brocade SANnav

**Brocade Security Advisory ID**

**BSA-2023-2363**

**Component**

SNMP

**Summary**

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files

SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.

**Products Affected**

Brocade SANnav before v2.30 and v2.2.2a

**Solution**

The security update is provided in Brocade SANnav v2.3.0 and v2.2.2a

**Credit**

The issue was found during internal penetration testing.

**Revision History**

**Version**

**Change**

**Date**

1.0

Initial Publication

August 29, 2023

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

CVE-2023-31925: Support Content Notification - Support Portal - Broadcom support portal

A
 segmentation fault can occur in Brocade Fabric OS after Brocade Fabric 
OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg 
command. This
 could allow an authenticated privileged user local user to crash a 
Brocade Fabric OS swith using the cli “passwdcfg --set -expire 
-minDiff“.



CVE-2023-4162 - Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0

**Brocade Security Advisory ID**

**BSA-2023-2367**

**Component**

**CLI**

**Summary**

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command.   
This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“.

Note:   
•    The --mindiff option was added in Brocade Fabric OS v9.0.   
•    Only Brocade Fabric OS v9.x are affected

**Products Affected**

Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a

**Products Confirmed Not Affected**

Brocade Fabric OS versions before Brocade Fabric OS v9.0 are not affected.

**Solution**

The security update is provided in Brocade Fabric OS v9.2.0a

**Credit**

The issue was discovered during internal penetration testing. 

**Revision History**

**Version**

**Change**

**Date**

1.0

Initial Publication

August 29, 2023

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

CVE-2023-4162: Support Content Notification - Support Portal - Broadcom support portal

In
 Brocade Fabric OS before v9.2.0a, a local authenticated privileged user
 can trigger a buffer overflow condition, leading to a kernel panic with
 large input to buffers in the portcfgfportbuffers command.



CVE-2023-4163 - Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS

**Brocade Security Advisory ID**

**BSA-2023-2368**

**Component**

**CLI**

**Summary**

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.

Note: All Brocade Fabric OS versions are affected.

**Products Affected**

Brocade Fabric OS before v9.2.0a

**Solution**

The security update is provided in Brocade Fabric OS v9.2.0a

**Credit**

The issue was discovered during internal penetration testing.

 **Revision History**

**Version**

**Change**

**Date**

1.0

Initial Publication

August 29, 2023

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

CVE-2023-4163: Support Content Notification - Support Portal - Broadcom support portal

Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4650: huntr – Security Bounties for any GitHub repository

The 
firmwaredownload command on Brocade Fabric OS v9.2.0 could log the 
FTP/SFTP/SCP server password in clear text in the SupportSave file when 
performing a downgrade from Fabric OS v9.2.0 to any earlier version of 
Fabric OS.



CVE-2023-3489 - firmwaredownload command could log servers passwords in clear text

Last Updated

29 August 2023

Initial Publication Date

29 August 2023

CVSS Base Score

8.6 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected CVE

CVE-2023-3489

**Brocade Security Advisory ID**

BSA-2023-2335

**Component**

firmwaredownload command

**Summary**

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.

**CVE Details**  
The firmwaredownload command downloads the Brocade Fabric OS firmware to the Brocade Switch by using FTP, SFTP, SCP, or HTTPs, or a USB device with the downloaded firmware. The firmwaredownload command supports both non-interactive and interactive modes. 

In Brocade Fabric OS v9.2.0, the command exposes the server password in clear text in theSupportSave file when it is collected. The issue is fixed in Brocade Fabric OS v9.2.0a, therefore a migration to/from Brocade Fabric OS v9.2.0a and later versions will not log passwords or sensitive data when the command is executed through the CLI, REST API or the web interface non-interactively.

**Products Affected**

Brocade Fabric OS v9.2.0. 

**Note for Brocade Fabric OS v9.1.1x downgrades**

Should the Brocade Switch be downgraded from v9.2.0 to v9.1.1x or any earlier version of FOS, using the CLI in non-interactive mode ie the whole command line, the password could be exposed in SupportSave file.  

**Products Confrimed Not Affected**

Brocade Fabric OS versions prior to v9.2.0 are not affected.

**Workaround**

The workaround is to use the web interface of REST API or to run the “firmwaredownload “ command in interactive mode.

**Solution**

Solution provided in Brocade Fabric OS v9.2.0a and later versions.

**Credit**

The issue was found during internal penetration testing

 **Revision History**

**Version**

**Change**

**Date**

1.0

Initial Publication

August 29, 2023

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

CVE-2023-3489: Support Content Notification - Support Portal - Broadcom support portal

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the  GitHub Bug Bounty Program https://bounty.github.com/ .


Source

CVE