ghsa

### Impact Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. ### Workaround If the standard CSP rules are active (default in production mode), an exploit isn't possible. ### Credits Lwin Min Oo <lwinminoo2244@gmail.com>

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).

SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.

### Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ### Impact If the media folder is not restricted from running files this can lead to a remote code execution.

### Summary A non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ### Impact A low-privileged user of the platform can install malicious code to obtain higher privileges.

### Impact In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used `--security` option, in particular the forms `--security=apparmor:<profile>` and `--security=selinux:<label>` which otherwise put restrictions on operations that containers can do. The `--security` option has always been mentioned in Apptainer documentation as being a feature for the root user, although these forms do also work for unprivileged users on systems where the corresponding feature is enabled. Apparmor is enabled by default on Debian-based distributions and SElinux is enabled by default on RHEL-based distributions, but on SUSE it depends on the distribution version. In addition, a bug in the detection of selinux support in Apptainer's suid mode means that `--security selinux:<label>` flags may not be applied, even in the absence of an attack. In that case a warning message is emitted indicating that selinux is unavailable, but the warning may be may be overlooked...

### Impact _**Native Mode (default)**_ Singularity's default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules (LSMs), via the `--security selinux:<label>` or `--security apparmor:<profile>` flags. LSM labels are written to process or thread `attrs/exec` under `/proc`. If a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so that it is ineffective. This requires: * The attacker to cause the user to run a malicious container image that redirects the mount of `/proc` to the destination of a shared mount, either known to be configured on the target system, or that will be specified by the user when running the container. * Control of the content of the shared mount, for example through another malicious container which also binds it, or as a user with relevant permissions on the host system it is bound from...

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.