#web

### Summary `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. ### PoC Example target script: ``` <?php require 'vendor/autoload.php'; $reader = \PhpOffice\PhpSpreadsheet\IOFactory::createReader("Xlsx"); $spreadsheet = $reader->load(__DIR__ . '/book.xlsx'); $writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet); print($writer->generateHTMLAll()); ``` Save this file in the same directory: [book.xlsx](https://github.com/PHPOffice/PhpSpreadsheet/files/15212797/book.xlsx) Open index.php in a web browser. An alert should be displayed. ### Impact Full takeover of the session of users viewing spreadsheet files as HTML.

A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement

pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.

Suspected Russian hackers have compromised a series of websites to utilize sophisticated spyware exploits that are eerily similar to those created by NSO Group and Intellexa.

Online Graduate Tracer System version 1.0.0 suffers from an insecure direct object reference vulnerability.

SPIP version 4.2.5 suffers from a code execution vulnerability.

Online Appointment System version 1.0 suffers from an ignored default credential vulnerability.

Multi-Vendor Online Groceries Management System version 1.0 suffers from an ignored default credential vulnerability.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Improper Privilege Management, Incorrect Permission Assignment for Critical Resource, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read arbitrary files and execute arbitrary code with system privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation ThinManager ThinServer, a client management software, are affected: ThinManager ThinServer: Versions 11.1.0 to 11.1.7 ThinManager ThinServer: Versions 11.2.0 to 11.2.8 ThinManager ThinServer: Versions 12.0.0 to 12.0.6 ThinManager ThinServer: Versions 12.1.0 to 12.1.7 ThinManager ThinServer: Versions 13.0.0 to 13.0.4 ThinManager ThinServer: Versions 13.1.0 to 13.1.2 ThinManager ThinServer: Versions 13.2.0 to 13.2.1 3.2 Vulnerability Overview 3.2.1 Impro...