Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions.

**Solution**

 No fix

No patched version is available.

Found this useful? Thank Rio Darmawan for reporting this vulnerability. Buy a coffee ☕

Rio Darmawan discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Smart App Banner Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 1 present

 1 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-46200: WordPress Smart App Banner plugin <= 1.1.3 - Cross Site Scripting (XSS) - Patchstack

An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.

CVE-2022-34832: XXE in AgileReporter 21.3 by VERMEG

An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.

For a strategic solution you seek:

*   Cost reduction & risk reduction
*   Efficiency optimisation
*   Embedded regulatory change management
*   Straight through process control
*   Senior management certification obligations
*   Regulatory reporting certainty, globally
*   Machine-readable regulatory reporting readiness

**SaaS**

Reduce your TCO. Let VERMEG handle the IT complexity​

**AGILE MI**

Gain valuable insights from your regulatory data​​

**AGILE Assure**

Bring the DataOps revolution to your regulatory data management ​​

​​

**Digital Transformation**

Extend, customise and innovate with AGILE Design Studio and Veggo ​​

**AGILE Reporter value for our clients**

Calculation & allocation: Comprehensive calculations from Basel III risks to national statistical allocations

Ratios: Credit & Market Risk, Leverage, Liquidity Coverage, Large Exposures, IRFS standard computations, integration of models and own analysis reporting

International reporting: Coverage including EBA & ECB (COREP, AnaCredit etc), and multiple international regulators in EU, UK, US, and MAS, HKMA, APRA and others

Added value: Capital utilisation, CFO & management information, dashboard status, threshold alerts, key performance metrics

Change management: VERMEG regulatory change management includes horizon management, impact analyses, data deltas and reporting update service

Workflow and maximised automation: Validations, variance, trend and other sanity checks achieve optimised straight-through processing

Process control: Enjoy ‘exceptions only’ intervention & instantly traceable attestation & approval audit trail

Sized & delivered to suit you: Choose from enterprise-wide full automation, or local last mile, on premise, in the cloud or Regulatory-Reporting-As-A-Service

Download our brochure about AGILE Reporter (PDF).

Granular Data Reporting – a new paradigm of innovation in regulatory reporting or just new challenges?

**Download the Whitepaper**

**Client stories**

**Client 1  
Tier 1 Domestic Bank**

**Challenge**

*   To find a Regulatory Reporting solution capable of integrating with external calculation and processing capabilities
*   To reduce operational risk
*   To increase reporting consistency and transparency
*   To facilitate accelerated regulatory change management

**Client 2  
Neobank growing from start-up**

**Challenge**

*   To find a partner for its Finance team to assist with regulatory reporting requirements in the immediate term and the future as the organisation evolves and scales to a fully fledged bank.
*   The need for a solution/system that minimises the resource requirements of bank’s teams in the areas of Solution Delivery
*   To find a vendor to provide not just a solution but also subject matter expertise to complement the in house team, and to ensure all new regulatory reporting requirements can be met.

**Solution**

*   Provision of AGILE Reporter’s out of the box integration to Oracle’s OFSAA (Oracle Financial Services Analytical Applications) platform.
*   Improved Straight Through Processing (STP) achieved from direct coupling of outputs from OFSAA Results data to AGILE Reporter.
*   VERMEG Subject Matter Expertise around the interpretation of client requirements and business for reporting purposes and the delivery of the operational process to fulfil these.
*   Ability to incorporate data from sources outside of OFSAA into regulatory reporting workflow to ensure completeness of automated reporting coverage.

**Solution**

*   Full scope automated AGILE Reporter deployment
*   VERMEG regulatory expertise to provide guidance on current and future regulatory requirements
*   Analysis Module to facilitate Bank scrutiny of Regulatory Data
*   Hosted on VERMEG cloud platform (Amazon Web Services)

**Results**

*   Streamlined overall Regulatory Reporting workflow while minimising manual intervention in the process
*   Increased accuracy of reporting results through use of the consolidated platform
*   Transparency of process by providing lineage of reporting data from source to regulatory return

**Results**

*   Automated, end-to-end solution providing population of regulatory returns from source data without manual intervention or work arounds
*   Flexible data mapping that meets the needs of a growing business and an evolving IT Architecture
*   Consistent data lineage from source through to final returns
*   Comprehensive validation checks ensure integrity of regulator submissions
*   Cloud solution minimises burden on Bank’s technical resources with regard to both delivery and ongoing maintenance

****Awards & Certifications****

**VEREMG is delighted to share that we were recently awarded ‘Best Vendor Solution for APRA APS 220′ AND ‘Best MAS 610 Solution’ by the RegTech Insight APAC Awards 2022 for our AGILE Reporter solution.**

Read More

CVE-2022-34834: AgileReporter | Regulatory Reporting Solution by VERMEG

The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.

Researchers have developed a side-channel exploit for Apple CPUs, enabling sophisticated attackers to extract sensitive information from browsers.

Side-channel attacks are usually overlooked, often physical counterparts to traditional software hacks. Rather than an unsecured password or a vulnerability in a program, they take advantage of the extra information a computer system or hardware generates — in the form of sound, light, or electromagnetic radiation, for example, or in the time it takes to complete certain computations (a timing attack).

On Wednesday, four researchers — including two of those responsible for uncovering the Spectre processor vulnerability back in 2018 — published the details of such an attack, which they've named "iLeakage," affecting all recent iPhone, iPad, and MacBook models.

The researchers informed Apple of their findings on Sept. 12, 2022, according to their website, and the company has since developed a mitigation. However, it's still considered unstable, it's not enabled on devices by default, and mitigating is only possible on Macs, not mobile devices.

In comments provided to Dark Reading on background, an Apple spokesperson wrote, "This proof of concept advances our understanding of these types of threats. We are aware of the issue and it will be addressed in our next scheduled software release."

**How iLeakage Works**

iLeakage takes advantage of A- and M-series Apple silicon CPUs' capacity to perform speculative execution.

Speculative execution is a method by which modern CPUs predict tasks before they're even prompted, in order to speed up information processing. "This technique has been around for over 20 years, and today all modern CPUs use it — it significantly speeds up processing, even accounting for times it might get the anticipated instructions wrong," explains John Gallagher, vice president of Viakoo Labs.

The rub is that "cache inside the CPU holds a lot of valuable data, including what might be staged for upcoming instructions. iLeakage uses the Apple WebKit capabilities inside a browser to use JavaScript to gain access to those contents."

Specifically, the researchers used a new speculation-based gadget to read the contents of another webpage when a victim clicked on their malicious webpage.

"Alone, WebKit would not enable the cache contents to be divulged, nor would how A-Series and M-Series perform speculative execution — it's the combination of the two together that leads to this exploit," Gallagher explains.

**A Successor to Meltdown/Spectre**

"This builds on a line of attacks against CPU vulnerabilities that started around 2017 with Meltdown and Spectre," Lionel Litty, chief security architect at Menlo Security points out. "High level, you want to think about applications and processes, and trust that the operating system with help from the hardware is properly isolating these from one another," but those two exploits broke the fundamental isolation between different applications, and an application and operating system, that we tend to take for granted as users, he says.

iLeakage, then, is a spiritual successor that focuses on breaking the isolation between browser tabs.

The good news is, in their website's FAQ section, the researchers described iLeakage as "a significantly difficult attack to orchestrate end-to-end," which "requires advanced knowledge of browser-based side-channel attacks and Safari's implementation." They also noted that successful exploitation hasn't been demonstrated in the wild.

Were a capable enough attacker to come along and try it, however, this method is powerful enough to siphon just about any data users traffic online: logins, search histories, credit card details, what have you. In YouTube videos, the researchers demonstrated how their exploit could expose victims' Gmail inboxes, their YouTube watch histories, and their Instagram passwords, as just a few examples.

**iPhone Users Are Especially Affected**

Though it takes advantage of the idiosyncrasies in Safari's JavaScript engine specifically, iLeakage affects all browsers on iOS, because Apple's policies force all iPhone browser apps to use Safari's engine.

"Chrome, Firefox and Edge on iOS are simply wrappers on top of Safari that provide auxiliary features such as synchronizing bookmarks and settings. Consequently, nearly every browser application listed on the App Store is vulnerable to iLeakage," the researchers explained.

iPhone users are doubly in trouble, because the best fix Apple has released thus far only works on MacBooks (and, for that matter, only in an unstable state). But for his part, Gallagher backs Apple's ability to design an effective remediation.

"Chip-level vulnerabilities are typically hard to patch, which is why it is not surprising that there is not a fix for this right now. It will take time, but ultimately if this becomes a real exploited vulnerability a patch will likely be available," he says.

Safari Side-Channel Attack Enables Browser Theft

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.


*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-29009: Release basercms 4.8.0 リリース · baserproject/basercms

As Israel increases its ground operation in Gaza, the last remaining internet and mobile connections have gone dark.

For more than three weeks, Gaza has faced an almost total internet blackout. The cables, cell towers, and infrastructure needed to keep people online have been damaged or destroyed as Israel launched thousands of missiles in response to Hamas attacking Israel and taking hundreds of hostages on October 7. Then, this evening, amid reports of heavy bombing in Gaza, some of the last remaining connectivity disappeared.

In the days after October 7, people living in Gaza have been unable to communicate with family or friends, leaving them unsure whether loved ones are alive. Finding reliable news about events has become harder. Rescue workers have not been able to connect to mobile networks, hampering recovery efforts. And information flowing out of Gaza, showing the conditions on the ground, has been stymied.

As the Israel Defense Forces said it was expanding its ground operations in Gaza this evening, internet connectivity fell further. Paltel, the main Palestinian communications company, has been able to keep some of its services online during Israel’s military response to Hamas’ attack. However, at around 7:30 pm local time today, internet monitoring firm NetBlocks confirmed a “collapse” in connectivity in the Gaza Strip, mostly impacting remaining Paltel services.

“We regret to announce a complete interruption of all communications and internet services within the Gaza Strip,” Paltel posted in a post on its Facebook page. The company claimed that bombing had “caused the destruction of all remaining international routes.” An identical post was made on the Facebook page of Jawwal, the region’s biggest mobile provider, which is owned by Paltel. Separately, Palestinian Red Crescent, a humanitarian organization, said on X (formerly Twitter) that it had lost contact with its operation room in Gaza and is “deeply concerned” about its ability to keep caring for people, with landline, cell, and internet connections being inaccessible.

“This is a terrifying development,” Marwa Fatafta, a policy manager focusing on the Middle East and North Africa at the digital rights group Access Now, tells WIRED. “Taking Gaza completely off the grid while launching an unprecedented bombardment campaign only means something atrocious is about to happen.”

A WIRED review of internet analysis data, social media posts, and Palestinian internet and telecom company statements shows how connectivity in the Gaza Strip drastically plummeted after October 7 and how some buildings linked to internet firms have been damaged in attacks. Photos and videos show sites that house various internet and telecom firms have been damaged, while reports from official organizations, including the United Nations, describe the impact of people being offline.

Damaged Lines

Around the world, the internet and telecoms networks that typically give web users access to international video calls, online banking, and endless social media are a complicated, sprawling mix of hardware and software. Networks of networks, combining data centers, servers, switches, and reams of cables, communicate with each other and send data globally. Local internet access is provided by a mix of companies with no clear public documentation of their infrastructure, making it difficult to monitor the overall status of the system as a whole. In Gaza, experts say, internet connectivity is heavily reliant on Israeli infrastructure to connect to the outside world.

Amid Israel’s intense bombing of Gaza, physical systems powering the internet have been destroyed. On October 10, the United Nations’ Office for the Coordination of Humanitarian Affairs (OCHA), which oversees emergency responses, said air strikes “targeted several telecommunication installations” and had destroyed two of the three main lines of communications going into Gaza.

The Destruction of Gaza’s Internet Is Complete


Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.



**JavaScript required**

JavaScript is required. This web browser does not support JavaScript or JavaScript in this web browser is not enabled.

To find out if your web browser supports JavaScript or to enable JavaScript, see web browser help.

CVE-2023-46290: Sign In

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

CTX579459

{{tooltipText}}

Security Bulletin | Severity: Critical | {{likeCount}} found this helpful | Created: {{articleFormattedCreatedDate}} | Modified: {{articleFormattedModifiedDate}} | Status: Final

**Description of Problem**

Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

Affected Versions: 

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: 

*   NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
*   NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
*   NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
*   NetScaler ADC 13.1-FIPS before 13.1-37.164
*   NetScaler ADC 12.1-FIPS before 12.1-55.300
*   NetScaler ADC 12.1-NDcPP before 12.1-55.300

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL) and is vulnerable.

This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway products. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action.

Summary: 

NetScaler ADC and NetScaler Gateway contain unauthenticated buffer-related vulnerabilities mentioned below 

CVE ID

Description

Pre-requisites

CWE

CVSS

CVE-2023-4966

Sensitive information disclosure

Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Improper Restriction of Operations within the Bounds of a Memory BufferCWE-119

9.4

CVE-2023-4967

Denial of service

Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Improper Restriction of Operations within the Bounds of a Memory BufferCWE-119

8.2

**Mitigating Factors**

None.

**What Customers Should Do**

**Exploits of CVE-2023-4966 on unmitigated appliances have been observed.** Cloud Software Group strongly urges customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions of NetScaler ADC and NetScaler Gateway as soon as possible: 

*   NetScaler ADC and NetScaler Gateway 14.1-8.50  and later releases
*   NetScaler ADC and NetScaler Gateway  13.1-49.15  and later releases of 13.1
*   NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0  
*   NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS  
*   NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS  
*   NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP 

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL). Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities.

Cloud Software Group has also published a related blog at https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/ which contains a further context.

**What Citrix is Doing**

Citrix is notifying customers and channel partners about this potential security issue through the publication of this security bulletin on the Citrix Knowledge Center at https://support.citrix.com/securitybulletins.

**Obtaining Support on This Issue**

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.

**Subscribe to Receive Alerts**

Citrix strongly recommends that all customers subscribe to receive alerts when a Citrix security bulletin is created or modified at https://support.citrix.com/user/alerts.

**Reporting Security Vulnerabilities to Citrix**

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please see the following webpage: https://www.citrix.com/about/trust-center/vulnerability-process.html.

**Disclaimer**

This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. Citrix reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document directly from the Citrix Knowledge Center.

**Changelog**

2023-10-10 T 16:00:00Z

Initial Publication

2023-10-17 T 16:00:00Z

Inclusion of information related to the exploitation of CVE-2023-4966

2023-10-23 T 16:00:00Z

Inclusion of a link to the Cloud Software Group blog post about CVE-2023-4966

CVE-2023-4967: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967


Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.



CVE-2023-46289: Sign In


Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.



Tag

#web