Tag
#js
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.
Red Hat OpenShift Container Platform release 4.10.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return JSON with the wrong content type in the response header. As a result, a custom application that directly calls the JSP of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation, an attacker can cause limited impact on the confidentiality and integrity of the application.
### Impact

Due to a workaround for an old client bug (which has since been fixed), very large JSON payloads in `ModalFormResponsePacket` were able to cause the server to spend a significant amount of time processing the packet. Large numbers of these packets were able to hog CPU time so as to prevent the server from processing other connections in a timely manner.

### Patches

The problem has been addressed in 3baa5ab71214f96e6e7ab12cb9beef08118473b5 by removing the workaround code.

### Workarounds

Plugins could cancel `DataPacketReceiveEvent` for this packet, decode the data their way, and then call `Player->onFormSubmit()` directly, bypassing the vulnerable code.
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file.
### Summary

API interfaces with unauthorized access will leak sensitive information

/api/v1/clusters/kubeconfig/<clusterName>

### Details

Routes using v1 without any restrictions

<img width="930" alt="image" src="https://user-images.githubusercontent.com/35884266/211258033-84aa14fb-01d5-459c-af81-e48b7552fabf.png">

Directly pass in `downloadKubeconfig` according to the cluster name

<img width="960" alt="image" src="https://user-images.githubusercontent.com/35884266/211258011-d885fda6-06c3-4603-be4a-38d9c9b918b4.png">

pkg/router/v1/white.go no restrictions

```go
func downloadKubeconfig(ctx context.Context) {
	clusterName := ctx.Params().GetString("name")
	ctx.Header("Content-Disposition", "attachment")
	ctx.Header("filename", fmt.Sprintf("%s-config", clusterName))
	ctx.Header("Content-Type", "application/download")
	clusterService := service.NewClusterService()
	str, err := clusterService.GetKubeconfig(clusterName)
	if err != nil {
		_, _ = ctx.JSON(err)
		ctx.StatusCode(http.StatusI...
```
### Impact

Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`.

### Patches

This was patched in https://github.com/mercurius-js/mercurius/pull/940.

### Workarounds

Disable subscriptions.

### References

Reported publicly as https://github.com/mercurius-js/mercurius/issues/939. The same problem was solved in https://github.com/fastify/fastify-websocket/pull/228
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715.
The JsonWebToken package plays a big role in the authentication and authorization functionality for many applications.
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free
* CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow
* CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access
* CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free
* CVE-2022-46343: xorg-x11-server:...