A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-50565: Multiple stored XSS vulnerabilities in rpcms 3.5.5 · Issue #7 · ralap-z/rpcms

Red Hat Security Advisory 2023-7691-03 - Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7691.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.11.55 bug fix and security update  
Advisory ID:        RHSA-2023:7691-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7691  
Issue date:         2023-12-14  
Revision:           03  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.55. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2023:7693

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-20122  
https://issues.redhat.com/browse/OCPBUGS-23574

Red Hat Security Advisory 2023-7691-03

Red Hat Security Advisory 2023-7690-03 - Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7690.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.11.55 security update  
Advisory ID:        RHSA-2023:7690-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7690  
Issue date:         2023-12-13  
Revision:           03  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.55. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:7691

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-22907

Red Hat Security Advisory 2023-7690-03

The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia.

2023-12-13 08:00 (CET) VDE-2023-067  

**Beckhoff: Open redirect in TwinCAT/BSD package authelia-bhf**  
Share: Email | Twitter  

**Published**

2023-12-13 08:00 (CET)

**Last update**

2023-12-11 14:13 (CET)

**Vendor(s)**

Beckhoff Automation GmbH & Co. KG  

**Product(s)**

Article No°

Product Name

Affected Version(s)

authelia-bhf included in TwinCAT/BSD

< 4.37.5

**Summary**

With TwinCAT/BSD based products the HTTPS request to the Authelia login page accepts user-controlled input that specifies a link to an external site.

**CVE ID**

**Last Update:**

Dec. 11, 2023, 11:26 a.m.

**Severity**

**Weakness**

URL Redirection to Untrusted Site ('Open Redirect')  (CWE-601) 

**Summary**

The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia.

**Details**

**Impact**

By default TwinCAT/BSD based products have Authelia installed and configured to perform the user authentication for web applications hosted on a target. This installation and configuration is provided with the package named “authelia-bhf”. With the affected versions of the package Authelia is configured to accept user-controlled input via URL parameter that specifies a link which can then be a link to an arbitrary external site.

Please note: The sources for the package “authelia-bhf” are a fork from the original Open Source Software called “Authelia”. The vulnerability was exclusively introduced with that fork and has been removed there. It never became part of “Authelia”.

**Solution**

**Mitigation**

Use firewall or web-proxy technology at your network perimeter which allow internal clients to access only trusted external sites directly.

**Remediation**

Please update to a recent version of the affected product.

**Reported by**

CVE-2023-6545: VDE-2023-067 | CERT@VDE

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.



**Solution**

 No fix available

 vPatch available

No patched version is available. This plugin has been closed as of December 7, 2023 and is not available for download. This closure is temporary, pending a full review.

Found this useful? Thank Ngô Thiên An (ancorn\_ from VNPT-VCI) for reporting this vulnerability. Buy a coffee ☕

Ngô Thiên An (ancorn\_ from VNPT-VCI) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Shortcodes and extra features for Phlox theme Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 1 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-50368: WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5.



**Solution**

 Update to fix

Update the WordPress Livemesh Addons for WPBakery Page Builder plugin to the latest available version (at least 3.6).

Found this useful? Thank Abu Hurayra for reporting this vulnerability. Buy a coffee ☕

Abu Hurayra discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Livemesh Addons for WPBakery Page Builder Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.6.

**Other vulnerabilities in this plugin**

 0 present

 4 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-50370: WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma – Pay in installments or later for WooCommerce allows Stored XSS.This issue affects Alma – Pay in installments or later for WooCommerce: from n/a through 5.1.3.



**Solution**

 No fix available

 vPatch available

No patched version is available.

Found this useful? Thank Ngô Thiên An (ancorn\_ from VNPT-VCI) for reporting this vulnerability. Buy a coffee ☕

Ngô Thiên An (ancorn\_ from VNPT-VCI) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Alma – Pay in installments or later for WooCommerce Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-50369: WordPress Alma plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

2023-12-12 08:00 (CET) VDE-2023-057  

**Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC**  
Share: Email | Twitter  

**Published**

2023-12-12 08:00 (CET)

**Last update**

2023-12-11 15:39 (CET)

**Vendor(s)**

PHOENIX CONTACT GmbH & Co. KG  

**Product(s)**

Article No°

Product Name

Affected Version(s)

Automation Worx Software Suite

all versions

2700988

AXC 1050

all versions

2701295

AXC 1050 XC

all versions

2700989

AXC 3050

all versions

Config+

all versions

2730844

FC 350 PCI ETH

all versions

ILC1x0

all versions

ILC1x1

all versions

ILC 3xx

all versions

PC Worx

all versions

PC Worx Express

all versions

2700291

PC WORX RT BASIC

all versions

2701680

PC WORX SRT

all versions

2730190

RFC 430 ETH-IB

all versions

2730200

RFC 450 ETH-IB

all versions

2700784

RFC 460R PN 3TX

all versions

2916794

RFC 470S PN 3TX

all versions

2404577

RFC 480S PN 4TX

all versions

**Summary**

Phoenix Contact classic line industrial controllers are developed and designed for the use in closed industrial networks. The controllers don’t feature a function to check integrity and authenticity of the application (e.g.: logic files, executable logic, configurations).

A CRC Check warning the user if the application of the Engineering tool and the PLC differs can be manipulated.

**CVE ID**

**Last Update:**

Nov. 14, 2023, 4:42 p.m.

**Severity**

**Weakness**

Download of Code Without Integrity Check  (CWE-494) 

**Summary**

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

**Details**

**Impact**

The identified vulnerabilities allow to download and execute applications to the classic line industrial controllers without integrity checks.

Potential tampered application might not be discovered.

**Solution**

**Temporary Fix / Mitigation**

Phoenix Contact classic line controllers are developed and designed for use in closed industrial networks. In this approach, the production plant is protected against attacks, especially from the outside, by a multi-level perimeter, including firewalls, and by dividing the plant into OT zones using firewalls.

This concept is supported by organizational measures in the production facility as part of a security management system. To achieve security here, measures are required at all levels. It must be ensured that logic is always transferred or stored in protected environments.

It applies to both data in transmission and data at rest. Connections between the engineering tools (Automation Worx Software Suite) and the controller must always be in a locally protected environment or, in the case of remote access, protected by VPN.

Project data should not be sent as a file via email or other transmission mechanisms without additional integrity and authenticity checks. Project data should only be stored in protected environments. Customers using Phoenix Contact classic line controllers are recommended to operate the devices as intended in closed networks or protected with a suitable firewall.

For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: Application note Security

If a classic line controller can’t be used in protected zones, the OT communication protocols should be disabled. Depending on the controller type, this can be done either via CPU services via console or web-based management. Information on which controllers and from which firmware version onwards communication protocols can be deactivated is described in the application note for classic line controllers or in the manual for the respective controller, which is available for download on the Phoenix Contact website.  
A summary of measures to protect devices based on classic control technology is provided here: Measures to protect devices based on classic control technology

**Reported by**

This vulnerability was reported by Reid Wightman at Dragos, Inc.

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.

CVE-2023-46143: VDE-2023-057 | CERT@VDE

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

2023-12-12 08:00 (CET) VDE-2023-055  

**Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource**  
Share: Email | Twitter  

**Published**

2023-12-12 08:00 (CET)

**Last update**

2023-12-11 14:46 (CET)

**Vendor(s)**

PHOENIX CONTACT GmbH & Co. KG  

**Product(s)**

Article No°

Product Name

Affected Version(s)

Automation Worx Software Suite

all versions

2700988

AXC 1050

all versions

2701295

AXC 1050 XC

all versions

2700989

AXC 3050

all versions

Config+

all versions

2730844

FC 350 PCI ETH

all versions

ILC1x0

all versions

ILC1x1

all versions

ILC 3xx

all versions

PC Worx

all versions

PC Worx Express

all versions

2700291

PC WORX RT BASIC

all versions

2701680

PC WORX SRT

all versions

2730190

RFC 430 ETH-IB

all versions

2730200

RFC 450 ETH-IB

all versions

2700784

RFC 460R PN 3TX

all versions

2916794

RFC 470S PN 3TX

all versions

2404577

RFC 480S PN 4TX

all versions

**Summary**

Phoenix Contact classic line industrial controllers are developed and designed for the use in closed industrial networks. The controllers don’t feature a function to check integrity and authenticity of the application (e.g.: logic files, executable logic, configurations).

Logic files generated by Automation Worx could be manipulated on the engineering station and loaded into the PLC without tamper detection. In addition, the tampering can be done by specially designed attacks in such a way that it remains hidden, and the logic program modifies its own code, making it difficult to determine the impact of a malicious program.

**CVE ID**

**Last Update:**

Nov. 3, 2023, 9:11 a.m.

**Severity**

**Weakness**

Incorrect Permission Assignment for Critical Resource  (CWE-732) 

**Summary**

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

**Details**

**Impact**

The identified vulnerabilities allow attackers to generate logic files or upload logic with arbitrary malicious code to the classic line industrial controllers once they have access to the engineering station running Automation Worx Software Suite or can communicate with the controllers. Attackers must have network or physical access to the engineering station or controller to exploit this vulnerability.

**Solution**

**Mitigation**

Phoenix Contact classic line controllers are developed and designed for use in closed industrial networks. In this approach, the production plant is protected against attacks, especially from the outside, by a multi-level perimeter, including firewalls, and by dividing the plant into OT zones using firewalls.

This concept is supported by organizational measures in the production facility as part of a security management system. To achieve security here, measures are required at all levels. It must be ensured that logic is always transferred or stored in protected environments.

It applies to both data in transmission and data at rest. Connections between the engineering tools (Automation Worx Software Suite) and the controller must always be in a locally protected environment or, in the case of remote access, protected by VPN.

Project data should not be sent as a file via email or other transmission mechanisms without additional integrity and authenticity checks. Project data should only be stored in protected environments. Customers using Phoenix Contact classic line controllers are recommended to operate the devices as intended in closed networks or protected with a suitable firewall.

For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: Application note Security

If a classic line controller can’t be used in protected zones, the OT communication protocols should be disabled. Depending on the controller type, this can be done either via CPU services via console or web-based management. Information on which controllers and from which firmware version onwards communication protocols can be deactivated is described in the application note for classic line controllers or in the manual for the respective controller, which is available for download on the Phoenix Contact website.  
A summary of measures to protect devices based on classic control technology is provided here:  
Measures to protect devices based on classic control technology

**Reported by**

This vulnerability was reported by Reid Wightman at Dragos, Inc.

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.

CVE-2023-46141: VDE-2023-055 | CERT@VDE

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.



**Solution**

 No fix available

No patched version is available.

Found this useful? Thank Ngô Thiên An (ancorn\_ from VNPT-VCI) for reporting this vulnerability. Buy a coffee ☕

Ngô Thiên An (ancorn\_ from VNPT-VCI) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Annual Archive Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 1 present

 1 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

Tag

#web