#xss

Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a web content structure's Name text field

Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the `redirect` parameter to (1) Announcements, or (2) Alerts.

eSentire TRU analyses the new DarkCloud V4.2 infostealer, rewritten in VB6. Find out how the malware steals browser data, crypto, and contacts via targeted phishing.

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.

# Security Advisory: express-xss-sanitizer ## Overview A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. ## Affected Versions - All versions prior to 2.0.1 ## Patched Versions - 2.0.1 and later ## Description The sanitize function in lib/sanitize.js performed recursive sanitization without depth limiting, making it vulnerable to stack overflow attacks via specially crafted deeply nested JSON objects. ## Impact An attacker could cause denial-of-service by sending a request with deeply nested structures, potentially crashing the Node.js process. ## Solution Upgrade to version 2.0.1 or later: ```bash npm install express-xss-sanitizer@latest ```

### Summary The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. ### Details The attributes of an iframe are populated with the value of an unreserved data attribute (`data-iframeconfig`) that can be set via wikitext: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/ext.embedVideo.videolink.js#L5-L20 Similar code is also present here: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/modules/iframe.js#L139-L155 It is possible to execute JS through attributes like `onload` or `onmouseenter`. ### PoC 1. Create a page with the following contents: ```html <div class="embedvideo-evl" data-iframeconfig='{"onload": "alert(1)"}'>Click me!</div> <evlplayer></evlplayer> ``` 2. Click on the "Click me!" text 3. Click on the "Load video" button below <img width="855" height="404" a...

A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them. Download the complete iframe security guide here.  TL;DR: iframe Security Exposed Payment iframes are being actively exploited by attackers using

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions.

An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript, which is later rendered in the browser when accessed by other users. A successful attack could result in redirection to malicious websites, unauthorized UI modifications, or exfiltration of browser-accessible data. However, session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.