#vulnerability

This edition highlights the detailed studies that have been recently published on how ransomware attacks affect victims, from PTSD to burnout, and discusses ways to help deal with the fallout of victimization.

### Summary LibreNMS <= 25.8.0 contains a **Stored Cross-Site Scripting (XSS)** vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the `Transport name` field is stored and later rendered in the **Transports** column of the **Alert Rules** page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. ### Details * **Injection point:** `Transport name` field in `/alert-transports`. * **Execution point:** **Transports** column in `/alert-rules`. * **Scope:** Only administrators can create Alert Transports, and only administrators can view the affected Alert Rules page. Therefore, both exploitation and impact are limited to admin users. ### Steps to reproduce 1. Log in with an administrator account. 2. Navigate to: ``` http://localhost:8000/alert-transports ``` 3. Click **Create alert transport** and provide the following values: ...

Input passed to the GET parameter 'error' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

An unauthenticated absolute and relative path traversal vulnerability exists in the smart home/building automation platform via the /ajax/php/get_file_content.php endpoint. By supplying a crafted 'file' POST parameter, a remote attacker can read arbitrary files from the server's file system, resulting in sensitive information disclosure.

The EVE X1 server suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'mbus_file' and 'mbus_csv' HTTP POST parameters through /ajax/php/mbus_build_from_csv.php script.

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * An admin or untrusted third party using Spring Expression Language (SpEL) to access environment variables or system properties via routes. * An untrusted third party could create a route that uses SpEL to access environment variables or system properties if: * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway and management.endpoint.gateway.enabled=trueor management.endpoint.gateway.access=unrestricte. * The actuator endpoints are available to attackers. * The actuator endpoints are unsecured.

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. ### Affected Spring Products and Versions Spring Framework: * 6.2.0 - 6.2.11 * 6.1.0 - 6.1.23 * 6.0.x - 6.0.29 * 5.3.0 - 5.3.45 * Older, unsupported versions are also affected. ### Mitigation Users of affected versions should upgrade to the corresponding fixed version. ### Affected version(s) Fix version | Availability -|- 6.2.x | 6.2.12 OSS 6.1.x | 6.1.24 Commercial https://enterprise.spring.io/ 6.0.x | N/A Out of support https://spring.io/projects/spring-framework#support 5.3.x | 5.3.46 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary. CreditThis vulnerability was discovered and responsibly reported by Jannis Kaiser.

Former GOP operative Scott Leiendecker just bought Dominion Voting Systems, giving him ownership of voting systems used in 27 states. Election experts don't know what to think.

Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date (which is set to 30 days by default, but can be changed). The existence of /admin/renew-token endpoint allows anyone to renew near-expiration tokens indefinitely, further increasing the impact of this attack. This issue has been fixed in version 5.24.1.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Solid Edge SE2024: All versions < V224.0 Update 14 Siemens Solid Edge SE2025: All versions < V225.0 Update 6 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 The affected applications contain an out of bounds write vulnerability while parsing specia...