#web

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS). This issue affects Plausible tracking: from 0.0.0 before 1.0.2.

A major Microsoft outage has disrupted Azure, Microsoft 365, Xbox, and Minecraft worldwide after a configuration failure, with services now gradually recovering.

A new investigation from mobile security firm Zimperium has revealed a fast-growing cybersecurity threat targeting Android users through…

# Patch This is fixed with [commit b953092](https://github.com/PixarAnimationStudios/OpenUSD/commit/b9530922b6a8ea72cd43661226b693fff8abbe4c), with the fix available in OpenUSD 25.11 and onwards. # Summary We have been advised by Zero Day Initiative that our usage of the USD framework may constitute a Use-After-Free Remote Code Execution Vulnerability. They have sent us the attached file illustrating the issue. Indeed, we see a use after free exception when running the file through our importer with an address sanitizer. [zdi-23709-poc0.zip](https://github.com/user-attachments/files/17474297/zdi-23709-poc0.zip) Thanks in advance.

### Summary The default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. ### Description An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads.

### Summary Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. ### Details DNN validates the contents of SVG's to ensure they are valid and do not contain any malicious code. These checks were introduced as part of `CVE-2025-48378`. However, the checks to ensure there are no script elements within the SVG files are not comprehensive and may allow some malicious SVG files to be uploaded. As this vulnerability allows for the execution of arbitrary JavaScript code within the context of the user's browser, it can lead to a range of attacks, including data exfiltration, session hijacking, and defacement of the web application to name a few.

### Summary The out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. ### Details The new out-of-box experience blocks that endpoint to unauthenticated users. If there is a real need for the implementation to allow unauthenticated uploads, then the web.config can be edited by the implementer to remove that block and open the endpoint to the public.

The second major cloud outage in less than two weeks, Azure’s downtime highlights the “brittleness” of a digital ecosystem that depends on a few companies never making mistakes.

### Summary SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false. ### Details Vulnerable Code: ```js const { username, city, name} = req.body; const updateData = { username, city, name, id:userId }; // Developer aims to only allow above three fields to be updated const result = await userRepo.save(updateData); ``` Intended Payload (non-malicious): ` username=myusername&city=Riga&name=Javad ` _OR_ `{username:\"myusername\",phone:12345,name:\"Javad\"} ` SQL query produced: ```sql UPDATE `user` SET `username` = 'myusername', `city` = 'Riga', `name` = 'Javad' WHERE `id` IN (1); ``` Malicious Payload: `username=myusername&city[name]=Riga&city[role]=admin ` _OR_ `{username:\"myusername\",city:{name:\"Javad\",role:\"admin\"}} ` SQL query produced with Injected Column: ```sql UPDATE `user` SET `username` = 'myusername...