Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-cf8v-5mrc-jv7f: OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.

ghsa
Open in Source
#vulnerability#auth
GHSA-9qv6-4pwm-m68f: Ibexa RichText Field Type XSS vulnerabilities in back office

### Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and can be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless. ### Patches - See "Patched versions". - https://github.com/ibexa/fieldtype-richtext/commit/4a4a170c7faa4807ae0f74c581481b835bab3caf ### Workarounds None.

GHSA-5r6x-g6jv-4v87: Ibexa Admin UI XSS vulnerabilities in back office

### Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and can be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless. ### Patches - See "Patched versions". - https://github.com/ibexa/admin-ui/commit/72a64d90d249e5f4c4a5e8238f5d627c9b68d9b8 ### Workarounds None.

GHSA-vhgq-r8gx-5fpv: Ibexa Admin UI assets XSS vulnerabilities in back office

### Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and can be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless. ### Patches - See "Patched versions". - https://github.com/ibexa/admin-ui-assets/commit/219b71b70aaea9321947d2dbeb49fff1b49e05f4 ### Workarounds None.

GHSA-r5rx-53g9-25rj: Ibexa eZ Platform Admin UI assets XSS vulnerabilities in back office

### Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and can be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless. ### Patches - See "Patched versions". - https://github.com/ezsystems/ezplatform-admin-ui-assets/commit/219b71b70aaea9321947d2dbeb49fff1b49e05f4 ### Workarounds None.

GHSA-r7pm-mw8g-p7px: Ibexa eZ Platform Admin UI XSS vulnerabilities in back office

### Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and can be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless. ### Patches - See "Patched versions". - https://github.com/ezsystems/ezplatform-admin-ui/commit/acaa620d4ef44e7c20908dc389d48064f2c19e6d ### Workarounds None.

GHSA-2v3v-3whp-953h: starcitizentools/citizen-skin allows stored XSS in user registration date message

### Summary Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. ### Details The result of `$this->lang->userDate( $timestamp, $this->user )` returns unescaped values, but is inserted as raw HTML by Citizen: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/072e4365e9084e4b153eac62d3666566c06f5a49/includes/Components/CitizenComponentUserInfo.php#L55-L60 ### PoC 1. Go to any page using citizen with the uselang parameter set to x-xss and while being logged in Depending on the registration date of the account you're logged in with, various messages can be shown. In my case, it's `november`: ![image](https://github.com/user-attachments/assets/252a3453-99c8-4ce1-b6d6-a8485b7a9a43) ### Impact This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right.

GHSA-jwr7-992g-68mh: starcitizentools/citizen-skin allows stored XSS in preference menu heading messages

### Summary Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. ### Details The `innerHtml` of the label div is set to the `textContent` of the label, essentially unsanitizing the system messages: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/407052e7069bdeae927d6f1a2a1c9a45b473bf9a/resources/skins.citizen.preferences/addPortlet.polyfill.js#L18 ### PoC 1. Edit `citizen-feature-custom-font-size-name` (or any other message displayed in a heading in the preferences menu) to `<img src="" onerror="alert('citizen-feature-custom-font-size-name')">` (script tags don't work here due to the way the HTML is inserted) 2. Open the preferences menu ![image](https://github.com/user-attachments/assets/b75f100d-09cc-443c-b635-e9d6ab48d133)

GHSA-86xf-2mgp-gv3g: starcitizentools/citizen-skin allows stored XSS in search no result messages

### Summary The `citizen-search-noresults-title` and `citizen-search-noresults-desc` system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. ### Details The system messages are inserted as raw HTML by the mustache template: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/407052e7069bdeae927d6f1a2a1c9a45b473bf9a/resources/skins.citizen.search/templates/TypeaheadPlaceholder.mustache#L8-L9 ### PoC 1. Edit `citizen-search-noresults-title` and `citizen-search-noresults-desc` to `<img src="" onerror="alert('citizen-search-noresults-title')">` and `<img src="" onerror="alert('citizen-search-noresults-desc')">` (script tags don't work here due to the way the HTML is inserted) 2. Open the search bar and search for a page that doesn't exist to get the "no results" messages to show up ![image](https://github.com/user-attachments/assets/cf2963bc-5c86-4a4d-8574-de92d89d6d81) ![image](https://github.com/user...

Here’s What Marines and the National Guard Can (and Can’t) Do at LA Protests

Pentagon rules sharply limit US Marines and National Guard activity in Los Angeles, prohibiting arrests, surveillance, and other customary police work.