The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-4887: index.php in intergeo-maps/tags/2.3.2 – WordPress Plugin Repository

This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.

Released July 24, 2023

**Accessibility**

Available for: macOS Monterey

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-40442: Nick Brook

Entry added September 8, 2023

**Apple Neural Engine**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-34425: pattern-f (@pattern\_F\_) of Ant Security Light-Year Lab

Entry added July 27, 2023

**AppSandbox**

Available for: macOS Monterey

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved restrictions.

CVE-2023-32364: Gergely Kalman (@gergely\_kalman)

Entry added July 27, 2023

**Assets**

Available for: macOS Monterey

Impact: An app may be able to modify protected parts of the file system

Description: This issue was addressed with improved data protection.

CVE-2023-35983: Mickey Jin (@patch1t)

**CFNetwork**

Available for: macOS Monterey

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-40392: Wojciech Regula of SecuRing (wojciechregula.blog)

Entry added September 8, 2023

**CUPS**

Available for: macOS Monterey

Impact: A user in a privileged network position may be able to leak sensitive information

Description: A logic issue was addressed with improved state management.

CVE-2023-34241: Sei K.

Entry added July 27, 2023

**curl**

Available for: macOS Monterey

Impact: Multiple issues in curl

Description: Multiple issues were addressed by updating curl.

CVE-2023-28319

CVE-2023-28320

CVE-2023-28321

CVE-2023-28322

**Find My**

Available for: macOS Monterey

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved restrictions.

CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)

**FontParser**

Available for: macOS Monterey

Impact: Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

Description: The issue was addressed with improved handling of caches.

CVE-2023-41990: Apple, Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr\_), and Boris Larin (@oct0xor) of Kaspersky

Entry added September 8, 2023

**Grapher**

Available for: macOS Monterey

Impact: Processing a file may lead to unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved checks.

CVE-2023-36854: Bool of YunShangHuaAn(云上华安)

CVE-2023-32418: Bool of YunShangHuaAn(云上华安)

**Kernel**

Available for: macOS Monterey

Impact: A remote user may be able to cause a denial-of-service

Description: The issue was addressed with improved checks.

CVE-2023-38603: Zweig of Kunlun Lab

Entry added July 27, 2023

**Kernel**

Available for: macOS Monterey

Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-38590: Zweig of Kunlun Lab

Entry added July 27, 2023

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-38598: Mohamed GHANNAM (@\_simo36)

Entry added July 27, 2023

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An integer overflow was addressed with improved input validation.

CVE-2023-36495: 香农的三蹦子 of Pangu Lab

Entry added July 27, 2023

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-37285: Arsenii Kostromin (0x3c3e)

Entry added July 27, 2023

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-38604: an anonymous researcher

Entry added July 27, 2023

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-32381: an anonymous researcher

CVE-2023-32433: Zweig of Kunlun Lab

CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

Description: This issue was addressed with improved state management.

CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr\_), and Boris Larin (@oct0xor) of Kaspersky

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG Pte. Ltd.

**libxpc**

Available for: macOS Monterey

Impact: An app may be able to gain root privileges

Description: A path handling issue was addressed with improved validation.

CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**libxpc**

Available for: macOS Monterey

Impact: An app may be able to cause a denial-of-service

Description: A logic issue was addressed with improved checks.

CVE-2023-38593: Noah Roskin-Frazee

**Mail**

Available for: macOS Monterey

Impact: A S/MIME encrypted email may be inadvertently sent unencrypted

Description: This issue was addressed with improved state management of S/MIME encrypted emails.

CVE-2023-40440: Taavi Eomäe from Zone Media OÜ

Entry added September 8, 2023

**Music**

Available for: macOS Monterey

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed with improved validation of symlinks.

CVE-2023-38571: Gergely Kalman (@gergely\_kalman)

Entry added July 27, 2023

**Model I/O**

Available for: macOS Monterey

Impact: Processing a 3D model may result in disclosure of process memory

Description: The issue was addressed with improved checks.

CVE-2023-38421: Mickey Jin (@patch1t), and Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

CVE-2023-38258: Mickey Jin (@patch1t)

Entry updated July 27, 2023

**ncurses**

Available for: macOS Monterey

Impact: An app may cause unexpected app termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2023-29491: Jonathan Bar Or of Microsoft, Emanuele Cozzi of Microsoft, and Michael Pearse of Microsoft

Entry added September 8, 2023

**Net-SNMP**

Available for: macOS Monterey

Impact: An app may be able to modify protected parts of the file system

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-38601: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added July 27, 2023

**NSSpellChecker**

Available for: macOS Monterey

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved validation.

CVE-2023-32444: Mickey Jin (@patch1t)

Entry added July 27, 2023

**OpenLDAP**

Available for: macOS Monterey

Impact: A remote user may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2023-2953: Sandipan Roy

**PackageKit**

Available for: macOS Monterey

Impact: An app may be able to access user-sensitive data

Description: A logic issue was addressed with improved restrictions.

CVE-2023-38259: Mickey Jin (@patch1t)

**PackageKit**

Available for: macOS Monterey

Impact: An app may be able to modify protected parts of the file system

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-38602: Arsenii Kostromin (0x3c3e)

**Shortcuts**

Available for: macOS Monterey

Impact: A shortcut may be able to modify sensitive Shortcuts app settings

Description: An access issue was addressed with improved access restrictions.

CVE-2023-32442: an anonymous researcher

**sips**

Available for: macOS Monterey

Impact: Processing a file may lead to a denial-of-service or potentially disclose memory contents

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-32443: David Hoyt of Hoyt LLC

**SQLite**

Available for: macOS Monterey

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed by adding additional SQLite logging restrictions.

CVE-2023-32422: Gergely Kalman (@gergely\_kalman), and Wojciech Regula of SecuRing (wojciechregula.blog)

Entry added September 8, 2023

**SystemMigration**

Available for: macOS Monterey

Impact: An app may be able to bypass Privacy preferences

Description: The issue was addressed with improved checks.

CVE-2023-32429: Wenchao Li and Xiaolong Bai of Hangzhou Orange Shield Information Technology Co., Ltd.

Entry added July 27, 2023

**Weather**

Available for: macOS Monterey

Impact: An app may be able to determine a user’s current location

Description: This  issue was addressed with improved redaction of sensitive information.

CVE-2023-38605: Adam M.

Entry added September 8, 2023

CVE-2023-40440: About the security content of macOS Monterey 12.6.8

 SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.

Expand Up @@ -13,6 +13,7 @@ const { const { validatedRequest } \= require("../utils/middleware/validatedRequest"); const { SystemSettings } \= require("../models/systemSettings"); const { Telemetry } \= require("../models/telemetry"); const { escape } \= require("sqlstring-sqlite"); const { handleUploads } \= setupMulter();  
function workspaceEndpoints(app) { Expand Down Expand Up @@ -44,8 +45,8 @@ function workspaceEndpoints(app) { const { slug \= null } \= request.params; const data \= reqBody(request); const currWorkspace \= multiUserMode(response) ? await Workspace.getWithUser(user, \`slug = '${slug}'\`) : await Workspace.get(\`slug = '${slug}'\`); ? await Workspace.getWithUser(user, \`slug = ${escape(slug)}\`) : await Workspace.get(\`slug = ${escape(slug)}\`);  
if (!currWorkspace) { response.sendStatus(400).end(); Expand Down Expand Up @@ -105,8 +106,8 @@ function workspaceEndpoints(app) { const { slug \= null } \= request.params; const { adds \= \[\], deletes \= \[\] } \= reqBody(request); const currWorkspace \= multiUserMode(response) ? await Workspace.getWithUser(user, \`slug = '${slug}'\`) : await Workspace.get(\`slug = '${slug}'\`); ? await Workspace.getWithUser(user, \`slug = ${escape(slug)}\`) : await Workspace.get(\`slug = ${escape(slug)}\`);  
if (!currWorkspace) { response.sendStatus(400).end(); Expand All @@ -115,7 +116,9 @@ function workspaceEndpoints(app) {  
await Document.removeDocuments(currWorkspace, deletes); await Document.addDocuments(currWorkspace, adds); const updatedWorkspace \= await Workspace.get(\`slug = '${slug}'\`); const updatedWorkspace \= await Workspace.get( \`id = ${currWorkspace.id}\` ); response.status(200).json({ workspace: updatedWorkspace }); } catch (e) { console.log(e.message, e); Expand All @@ -133,8 +136,8 @@ function workspaceEndpoints(app) { const user \= await userFromSession(request, response); const VectorDb \= getVectorDbClass(); const workspace \= multiUserMode(response) ? await Workspace.getWithUser(user, \`slug = '${slug}'\`) : await Workspace.get(\`slug = '${slug}'\`); ? await Workspace.getWithUser(user, \`slug = ${escape(slug)}\`) : await Workspace.get(\`slug = ${escape(slug)}\`);  
if (!workspace) { response.sendStatus(400).end(); Expand All @@ -151,7 +154,7 @@ function workspaceEndpoints(app) { } }  
await Workspace.delete(\`slug = '${slug.toLowerCase()}'\`); await Workspace.delete(\`id = ${Number(workspace.id)}\`); await DocumentVectors.deleteForWorkspace(workspace.id); await Document.delete(\`workspaceId = ${Number(workspace.id)}\`); await WorkspaceChats.delete(\`workspaceId = ${Number(workspace.id)}\`); Expand Down Expand Up @@ -187,8 +190,8 @@ function workspaceEndpoints(app) { const { slug } \= request.params; const user \= await userFromSession(request, response); const workspace \= multiUserMode(response) ? await Workspace.getWithUser(user, \`slug = '${slug}'\`) : await Workspace.get(\`slug = '${slug}'\`); ? await Workspace.getWithUser(user, \`slug = ${escape(slug)}\`) : await Workspace.get(\`slug = ${escape(slug)}\`);  
response.status(200).json({ workspace }); } catch (e) { Expand All @@ -205,8 +208,8 @@ function workspaceEndpoints(app) { const { slug } \= request.params; const user \= await userFromSession(request, response); const workspace \= multiUserMode(response) ? await Workspace.getWithUser(user, \`slug = '${slug}'\`) : await Workspace.get(\`slug = '${slug}'\`); ? await Workspace.getWithUser(user, \`slug = ${escape(slug)}\`) : await Workspace.get(\`slug = ${escape(slug)}\`);  
if (!workspace) { response.sendStatus(400).end(); Expand Down

CVE-2023-4899: patch SQL injection opportunities [LOW RISK] (#234) · Mintplex-Labs/anything-llm@dc3dfbf

A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'.

    

Il gestionale OpenSTAManager è un software open-source e web based, sviluppato dall'azienda informatica DevCode di Este per gestire ed archiviare il servizio di assistenza tecnica e la relativa fatturazione. Il nome del progetto deriva dalla parziale traduzione in inglese degli elementi principali che lo compongono: la natura open-source e il suo obiettivo quale Gestore del Servizio Tecnico di Assistenza.

Un software gestionale, identificato nell'insieme degli applicativi che automatizzano i processi di gestione all'interno delle aziende, appartiene solitamente a una specifica categoria del settore, specializzata negli ambiti di:

*   Gestione della contabilità;
*   Gestione del magazzino;
*   Gestione e ausilio della produzione;
*   Gestione e previsione dei budget aziendali;
*   Gestione ed analisi finanziaria.

Secondo questa definizione, OpenSTAManager riesce a generalizzare al proprio interno le funzionalità caratteristiche della contabilità e della gestione del magazzino, presentando inoltre moduli piuttosto avanzati e destinati a complementare l'attività aziendale in relazione agli interventi di assistenza della realtà lavorativa in oggetto.

La documentazione ufficiale è disponibile all'indirizzo https://docs.openstamanager.com/.

*   Requisiti
*   Installazione
    *   Versioni
    *   Build
    *   Strumenti di sviluppo e debug
*   Perché software open-source
*   Community
*   Contribuire
*   Sviluppatori
*   Licenza

**Requisiti**

L'installazione del gestionale richiede la presenza di un server web con abilitato il DBMS MySQL e il linguaggio di programmazione PHP.

PHP

EOL

Supportato

8.1

25/11/2024

❌

8.0

26/11/2023

✔️

7.4

28/11/2022

✔️

7.3

06/12/2021

✔️

7.2

30/11/2020

❌

MYSQL

EOL

Supportato

8.0

01/04/2026

✔️

5.7

21/10/2023

✔️

5.6

05/02/2021

❌

Per ulteriori informazioni sui pacchetti che forniscono questi elementi di default, visitare la sezione Installazione della documentazione.

**Installazione rapida**

git clone https://github.com/devcode-it/openstamanager.git
cd openstamanager

# Download di composer da https://getcomposer.org/download/

yarn develop-OSM

**Installazione**

Per procedere all'installazione è necessario seguire i seguenti punti:

1.  Scaricare una release ufficiale del progetto.
    
2.  Creare una cartella (ad esempio openstamanager) nella root del server web installato ed estrarvi il contenuto della release scaricata. Il percorso della cartella root del server varia in base al software in utilizzo:
    
    *   LAMP (/var/www/html)
    *   XAMPP (C:/xampp/htdocs per Windows, /opt/lampp/htdocs/ per Linux, /Applications/XAMPP/htdocs/ per MAC)
    *   WAMP (C:\wamp\www)
    *   MAMP (C:\MAMP\htdocs per Windows, /Applications/MAMP/htdocs per MAC)
3.  Creare un database vuoto (tramite PHPMyAdmin o riga di comando).
    
4.  Accedere a http://localhost/openstamanager dal vostro browser.
    
5.  Inserire i dati di configurazione per collegarsi al database.
    
6.  Procedere all'installazione del software, cliccando sul pulsante **Installa**.
    

**Attenzione**: è possibile che l'installazione richieda del tempo. Si consiglia pertanto di attendere almeno qualche minuto senza alcun cambiamento nella pagina di installazione (in particolare, della progress bar presente) prima di cercare una possibile soluzione nelle discussioni del forum o nella sezione dedicata.

**Versioni**

Per mantenere un elevato grado di trasparenza riguardo al ciclo delle release, seguiamo le linee guida Semantic Versioning (SemVer) per definire le versioni del progetto. Per vedere tutte le versioni disponibili al download, visitare la pagina relativa su GitHub (per versioni precedenti alla 2.3, visitare SourceForge).

Nel caso utilizziate il programma per uso commerciale, si consiglia di scaricare le release disponibili nel sito ufficiale del progetto (https://www.openstamanager.com), evitando di utilizzare direttamente il codice della repository. Se siete inoltre interessati a supporto e assistenza professionali, li potete richiedere nella sezione dedicata.

**Build**

Nel caso si stia utilizzando la versione direttamente ottenuta dalla repository di GitHub, è necessario eseguire i seguenti comandi da linea di comando per completare le dipendenze PHP (tramite Composer) e gli assets (tramite Yarn) del progetto.

php composer.phar install
yarn global add gulp
yarn install
gulp

In alternativa alla sequenza di comandi precedente, è possibile utilizzare il seguente comando (richiede l'installazione di GIT e Yarn, oltre che l'inserimento dell'archivio composer.phar nella cartella principale del progetto):

Per ulteriori informazioni, visitare le sezioni Assets e Framework della documentazione.

**Strumenti di sviluppo e debug**

Consigliamo di installare psalm e configurarlo nel proprio IDE se supportato, in modo che vengano eseguiti ulteriori controlli automatici sul codice scritto.

E' già configurato su **composer** l'inclusione di PHP-CS-Fixer, uno strumento che permette di formattare in modo uniforme il codice scritto. Si può configurare nel proprio IDE se supportato. Il percorso dell'eseguibile è vendor/bin/php-cs-fixer.

**Perché software open-source**

Il progetto è un software open-source perché permette agli utilizzatori di studiarne il funzionamento ed adattarlo alle proprie esigenze; inoltre, in ambito commerciale, non obbliga l'utilizzatore ad essere legato allo stesso fornitore di assistenza.

In questo modo è possibile ottenere un'ulteriore garanzia sul funzionamento del software, poiché chiunque ne abbia le capacità può verificarlo, escludendo mancanze in relazione alla sicurezza e alla privacy dei dati (caratteristica che il software proprietario non può offrire).

**Community**

La community è una componente importante in un progetto open-source, perché mette in contatto utenti e programmatori tra di loro e permette pertanto l'individuazione di soluzioni innovative e migliori.

Siamo presenti su Facebook, Twitter, YouTube e Mastodon e il nostro forum ufficiale è disponibile all'indirizzo https://forum.openstamanager.com, dove potete segnalare i vostri problemi e soddisfare le vostre curiosità nelle sezioni più adeguate.

**Contribuire**

Per poter contribuire ed eseguire i test automatici, si consiglia di seguire le indicazioni descritte all'interno della documentazione ufficiale.

Se volete contribuire attivamente con semplici migliorie o correzioni potete cercare tra le issue per i nuovi contributori.

**Bounty Program**

Potresti trovare degli issue contrassegnati con il label **bountysource**. Questo significa che è disponibile una ricompensa per chi risolverà l'issue secondo i criteri descritti all'interno. Devi creare innanzitutto un account su BountySource.com. Successivamente, il funzionamento sarà il seguente:

*   esegui un fork del repository
*   risolvi l'issue
*   invia una pull request

Verificheremo se la pull request soddisferà i requisiti e, una volta approvata, provvederemo ad accreditare la ricompensa nel tuo account di BountySource.

**Licenza**

Questo progetto è tutelato dalla licenza **GPL 3**.

CVE-2023-38878: GitHub - devcode-it/openstamanager: Il software gestionale open source per l'assistenza tecnica e la fatturazione

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "23d156ed1bed6d2c2b325f0be540d0afca510c49", "tree": "f54e4f4739f4a720de25255369dd018bae3b8a54", "parents": \[ "192c7711c1adc835c06720d59ddacb86c5e32b5f" \], "author": { "name": "Krishang Garodia", "email": "krishang@google.com", "time": "Mon Jun 19 11:43:45 2023 +0000" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Fri Jul 14 17:32:33 2023 +0000" }, "message": "Remove invalid surrogates during bindSelection\\n\\nTest: atest MediaProviderTests\\nBug: 223793631\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:108f736d0ec6e974c3f947e7e568845b7e039a0a)\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a48b01f78f28fc642b144c673bfcd12ae78c5a73)\\nMerged-In: I18b879f1a51394b4739225ec88b862fd6d0d5526\\nChange-Id: I18b879f1a51394b4739225ec88b862fd6d0d5526\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "55efafc7f79911ea4d1a6e57b01d745c277aaf4a", "old\_mode": 33188, "old\_path": "src/com/android/providers/media/util/DatabaseUtils.java", "new\_id": "53ecf964eef6d0a075c3af85a713744decb648f9", "new\_mode": 33188, "new\_path": "src/com/android/providers/media/util/DatabaseUtils.java" }, { "type": "modify", "old\_id": "685d897041ef04ba469574150494f0b0c1ed316d", "old\_mode": 33188, "old\_path": "tests/src/com/android/providers/media/util/DatabaseUtilsTest.java", "new\_id": "a907875898476236c1f5de7e25812fdf928509a1", "new\_mode": 33188, "new\_path": "tests/src/com/android/providers/media/util/DatabaseUtilsTest.java" } \] }

CVE-2023-35683

Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-40945: vulnerability-report/Doctormms_CVE-2023-40945 at main · KLSEHB/vulnerability-report

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php.

CVE-2023-40944: vulnerability-report/Schoolmate_CVE-2023-40944 at main · KLSEHB/vulnerability-report

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php.

CVE-2023-40946: vulnerability-report/Schoolmate_CVE-2023-40946 at main · KLSEHB/vulnerability-report

Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.

In this section, we'll explain what cross-site scripting is, describe the different varieties of cross-site scripting vulnerabilities, and spell out how to find and prevent cross-site scripting.

**What is cross-site scripting (XSS)?**

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.

**How does XSS work?**

Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.

**Labs**

If you're already familiar with the basic concepts behind XSS vulnerabilities and just want to practice exploiting them on some realistic, deliberately vulnerable targets, you can access all of the labs in this topic from the link below.

*   View all XSS labs

**XSS proof of concept**

You can confirm most kinds of XSS vulnerability by injecting a payload that causes your own browser to execute some arbitrary JavaScript. It's long been common practice to use the alert() function for this purpose because it's short, harmless, and pretty hard to miss when it's successfully called. In fact, you solve the majority of our XSS labs by invoking alert() in a simulated victim's browser.

Unfortunately, there's a slight hitch if you use Chrome. From version 92 onward (July 20th, 2021), cross-origin iframes are prevented from calling alert(). As these are used to construct some of the more advanced XSS attacks, you'll sometimes need to use an alternative PoC payload. In this scenario, we recommend the print() function. If you're interested in learning more about this change and why we like print(), check out our blog post on the subject.

As the simulated victim in our labs uses Chrome, we've amended the affected labs so that they can also be solved using print(). We've indicated this in the instructions wherever relevant.

**What are the types of XSS attacks?**

There are three main types of XSS attacks. These are:

*   Reflected XSS, where the malicious script comes from the current HTTP request.
*   Stored XSS, where the malicious script comes from the website's database.
*   DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.

**Reflected cross-site scripting**

Reflected XSS is the simplest variety of cross-site scripting. It arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.

Here is a simple example of a reflected XSS vulnerability:

https://insecure-website.com/status?message=All+is+well.
<p>Status: All is well.</p>

The application doesn't perform any other processing of the data, so an attacker can easily construct an attack like this:

https://insecure-website.com/status?message=<script>/*+Bad+stuff+here...+*/</script>
<p>Status: <script>/* Bad stuff here... */</script></p>

If the user visits the URL constructed by the attacker, then the attacker's script executes in the user's browser, in the context of that user's session with the application. At that point, the script can carry out any action, and retrieve any data, to which the user has access.

**Stored cross-site scripting**

Stored XSS (also known as persistent or second-order XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

The data in question might be submitted to the application via HTTP requests; for example, comments on a blog post, user nicknames in a chat room, or contact details on a customer order. In other cases, the data might arrive from other untrusted sources; for example, a webmail application displaying messages received over SMTP, a marketing application displaying social media posts, or a network monitoring application displaying packet data from network traffic.

Here is a simple example of a stored XSS vulnerability. A message board application lets users submit messages, which are displayed to other users:

<p>Hello, this is my message!</p>

The application doesn't perform any other processing of the data, so an attacker can easily send a message that attacks other users:

<p><script>/* Bad stuff here... */</script></p>

**DOM-based cross-site scripting**

DOM-based XSS (also known as DOM XSS) arises when an application contains some client-side JavaScript that processes data from an untrusted source in an unsafe way, usually by writing the data back to the DOM.

In the following example, an application uses some JavaScript to read the value from an input field and write that value to an element within the HTML:

var search = document.getElementById('search').value;
var results = document.getElementById('results');
results.innerHTML = 'You searched for: ' + search;

If the attacker can control the value of the input field, they can easily construct a malicious value that causes their own script to execute:

You searched for: <img src=1 onerror='/* Bad stuff here... */'>

In a typical case, the input field would be populated from part of the HTTP request, such as a URL query string parameter, allowing the attacker to deliver an attack using a malicious URL, in the same manner as reflected XSS.

**What can XSS be used for?**

An attacker who exploits a cross-site scripting vulnerability is typically able to:

*   Impersonate or masquerade as the victim user.
*   Carry out any action that the user is able to perform.
*   Read any data that the user is able to access.
*   Capture the user's login credentials.
*   Perform virtual defacement of the web site.
*   Inject trojan functionality into the web site.

**Impact of XSS vulnerabilities**

The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:

*   In a brochureware application, where all users are anonymous and all information is public, the impact will often be minimal.
*   In an application holding sensitive data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
*   If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users and their data.

**How to find and test for XSS vulnerabilities**

The vast majority of XSS vulnerabilities can be found quickly and reliably using Burp Suite's web vulnerability scanner.

Manually testing for reflected and stored XSS normally involves submitting some simple unique input (such as a short alphanumeric string) into every entry point in the application, identifying every location where the submitted input is returned in HTTP responses, and testing each location individually to determine whether suitably crafted input can be used to execute arbitrary JavaScript. In this way, you can determine the context in which the XSS occurs and select a suitable payload to exploit it.

Manually testing for DOM-based XSS arising from URL parameters involves a similar process: placing some simple unique input in the parameter, using the browser's developer tools to search the DOM for this input, and testing each location to determine whether it is exploitable. However, other types of DOM XSS are harder to detect. To find DOM-based vulnerabilities in non-URL-based input (such as document.cookie) or non-HTML-based sinks (like setTimeout), there is no substitute for reviewing JavaScript code, which can be extremely time-consuming. Burp Suite's web vulnerability scanner combines static and dynamic analysis of JavaScript to reliably automate the detection of DOM-based vulnerabilities.

**Content security policy**

Content security policy (CSP) is a browser mechanism that aims to mitigate the impact of cross-site scripting and some other vulnerabilities. If an application that employs CSP contains XSS-like behavior, then the CSP might hinder or prevent exploitation of the vulnerability. Often, the CSP can be circumvented to enable exploitation of the underlying vulnerability.

**Dangling markup injection**

Dangling markup injection is a technique that can be used to capture data cross-domain in situations where a full cross-site scripting exploit is not possible, due to input filters or other defenses. It can often be exploited to capture sensitive information that is visible to other users, including CSRF tokens that can be used to perform unauthorized actions on behalf of the user.

**How to prevent XSS attacks**

Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.

In general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures:

*   **Filter input on arrival.** At the point where user input is received, filter as strictly as possible based on what is expected or valid input.
*   **Encode data on output.** At the point where user-controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, JavaScript, and CSS encoding.
*   **Use appropriate response headers.** To prevent XSS in HTTP responses that aren't intended to contain any HTML or JavaScript, you can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.
*   **Content Security Policy.** As a last line of defense, you can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.

**Common questions about cross-site scripting**

**How common are XSS vulnerabilities?** XSS vulnerabilities are very common, and XSS is probably the most frequently occurring web security vulnerability.

**How common are XSS attacks?** It is difficult to get reliable data about real-world XSS attacks, but it is probably less frequently exploited than other vulnerabilities.

**What is the difference between XSS and CSRF?** XSS involves causing a web site to return malicious JavaScript, while CSRF involves inducing a victim user to perform actions they do not intend to do.

**What is the difference between XSS and SQL injection?** XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application's database.

**How do I prevent XSS in PHP?** Filter your inputs with a whitelist of allowed characters and use type hints or type casting. Escape your outputs with htmlentities and ENT_QUOTES for HTML contexts, or JavaScript Unicode escapes for JavaScript contexts.

**How do I prevent XSS in Java?** Filter your inputs with a whitelist of allowed characters and use a library such as Google Guava to HTML-encode your output for HTML contexts, or use JavaScript Unicode escapes for JavaScript contexts.

CVE-2023-41593: What is cross-site scripting (XSS) and how to prevent it? | Web Security Academy

Debian Linux Security Advisory 5495-1 - Multiple vulnerabilities were discovered in frr, the FRRouting suite of internet protocols, while processing malformed requests and packets the BGP daemon may have reachable assertions, NULL pointer dereference, out-of-bounds memory access, which may lead to denial of service attack.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5495-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuSeptember 11, 2023                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : frrCVE ID         : CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681                  CVE-2023-31490 CVE-2023-38802 CVE-2023-41358Debian Bug     : 1035829 1036062Brief introduction Multiple vulnerbilities were discovered in frr, the FRRouting suite ofinternet protocols, while processing malformed requests and packets the BGPdaemon may have reachable assertions, NULL pointer dereference, out-of-boundsmemory access, which may lead to denial of service attack.For the oldstable distribution (bullseye), these problems have been fixedin version 7.5.1-1.1+deb11u2.For the stable distribution (bookworm), these problems have been fixed inversion 8.4.4-1.1~deb12u1.We recommend that you upgrade your frr packages.For the detailed security status of frr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/frrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmT+vCQACgkQO1LKKgqv2VTdlwf9Ez2k1hBPYWNge7Izunc6ovIAEeDkSLjAFYU/sEn8ehb2KQAvU27AxtxD0sYhV1XFD0y8gqQIngSgpVD+XKvclPTihS8h48Yx+C3M2e1ce5SnDytvM4AZ9w7fmaHvbysQL1QrKB4TyIr3jnikcMIWgwyzaRTmIpqryFabO44SSSe+Ysn8Mvdbh3p5Zzb9Udm/5iZWybYVO4aO0fndrq8TnfNe9uJCKd6MjUR/0Byppzmzt5lUm8PoW4wuxIgwpy9hXXCUD/ttQztKeK2FScQbz1xSNz6RdomyzDK+dVZ+BnihPUNWECweH9UAm8laSkRR1QzCOEjVGB6pcIge0IKl/w===t+W8-----END PGP SIGNATURE-----

Tag

#sql