#xss

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, `?text=<svg/onload=alert(1)>` would trigger XSS here. ```js const [text] = createResource(() => { return new URL(getRequestEvent().request.url).searchParams.get("text"); }); return ( <> Text: {text()} </> ); ```

February Linux Patch Wednesday. There are 561 vulnerabilities in total. 338 in Linux Kernel. Formally, there is one vulnerability with a sign of exploitation in the wild: RCE – 7-Zip (CVE-2025-0411). But it is about Windows MoTW and, naturally, is not exploitable on Linux. There are public exploits for 21 vulnerabilities. Among them there are […]

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

The question bank filter required additional sanitizing to prevent a reflected XSS risk.

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth() and getElemHeight(). This is related to [SNYK-JS-TARTEAUCITRONJS-8366541](https://security.snyk.io/vuln/SNYK-JS-TARTEAUCITRONJS-8366541)

### Summary There is a cross-site scripting vulnerability on To-Do that affects a title field of a To-Do.

### Description Leantime allows stored cross-site scripting (XSS) in the API key name while generating the API key. ### Impact Any low privileged user like manager, or editor, can create an API key with XSS payload. When admin will visit the Company page, the XSS will automatically get triggerred leading to the unauthorized action performed from the ADMIN account. Like, removing any user, or adding someone else as high privilege, and many more.

### Summary A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not include any validation or sanitization of the $_GET["id"] parameter. As a result, it directly incorporates the user-supplied value into the source path without any checks.

### Summary Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. ### Details A Stored Cross-Site Scripting (XSS) vulnerability was found that could potentially compromise user data and pose a significant security risk to the platform. ### PoC - Create a project - Navigate to project - Visit to the integration - Add malicious payload inside the webhook and save it. - Notice the alert dialogue indicating successful execution of the XSS payload. ``` '';!--" onfocus=alert(0) autofocus="" onload=alert(3);="&amp;{(alert(1))}" |="" mufazmi"=" ``` ``` '';!--" onfocus=alert(0) autofocus="" onload=alert(3);=>>"&amp;{(alert(1))}" |="">> mufazmi"=">> ``` ### POC https://youtu.be/kqKFgsOqstg ### Impact This XSS vulnerability allows an attacker to execute malicious scripts in the context of a victim's browser when they click on a specially crafted link. This could lead to various m...