#java

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A

The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks.

Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments.

Red Hat Security Advisory 2024-7812-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-7811-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a code execution vulnerability.

ABB Cylon Aspect version 3.08.01 suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in calendarFileDelete.php is not properly sanitized before being used to delete calendar files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

Red Hat Security Advisory 2024-7736-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2024-7735-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include an information leakage vulnerability.

### Summary `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize "javascript:" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. ### PoC Example target script: ``` <?php require 'vendor/autoload.php'; $reader = \PhpOffice\PhpSpreadsheet\IOFactory::createReader("Xlsx"); $spreadsheet = $reader->load(__DIR__ . '/book.xlsx'); $writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet); print($writer->generateHTMLAll()); ``` Save this file in the same directory: [book.xlsx](https://github.com/PHPOffice/PhpSpreadsheet/files/15099763/book.xlsx) Open index.php in a web browser and click on both links. The first demonstrates the vulnerability in a regular hyperlink and the second in a HYPERLINK() formula.

### Summary Event log data is not properly sanitized leading to stored Cross-Site Scripting (XSS) vulnerability. ### Details - file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/eventlog.js#L445 ```js router.get( "/:id", isAdmin, error_catcher(async (req, res) => { const { id } = req.params; const ev = await EventLog.findOneWithUser(id); send_events_page({ [...] contents: { type: "card", contents: [...] ) + div( { class: "eventpayload" }, ev.payload ? pre(JSON.stringify(ev.payload, null, 2)) : "" //<--- ), }, }); }) ``` ### PoC The following PoC demonstrates how a non-admin user with permission to read/write on a table can inject malicious javascript code that will be executed in the event log admin panel if event logs are enabled. To demonstrate this issue, we need to prepare some components. The following steps should be ...