Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

Whatsup Gold, Observium and Offis vulnerabilities

Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.    These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications implementing DICOM (Digital Imaging and Communications

TALOS
#xss#vulnerability#web#cisco#dos#git#java#intel#auth
GHSA-xr3m-6gq6-22cg: Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document

### Summary A Stored Cross-Site Scripting (XSS) vulnerability in PIMCORE allows remote attackers to inject arbitrary web script or HTML via the PDF upload functionality. This can result in the execution of malicious scripts in the context of the user's browser when the PDF is viewed, leading to potential session hijacking, defacement of web pages, or unauthorized access to sensitive information. ### Details The vulnerability is present in the PDF upload functionality of the PIM Core Upload module. When a user uploads a PDF file, the application fails to properly sanitize the content, allowing embedded scripts to be executed when the PDF is viewed. The affected code is located in the file handling and rendering logic of the PDF upload feature. ### PoC 1. Log in as Administrator ![image](https://github.com/user-attachments/assets/7945bbd7-5277-4a0e-8365-56e5df319bae) 2. Hover to Assets ![image](https://github.com/user-attachments/assets/f24645ee-d740-4a5e-81d1-b8bf48b71cce)...

GHSA-2v3r-gvq5-qqgh: Dolibarr Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

GHSA-x2j8-vjg7-386r: Dolibarr Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be

GHSA-w5hq-hm5m-4548: Cross Site Scripting vulnerability in store2

Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component

GHSA-9qrm-48qf-r2rw: Directus has a DOM-Based cross-site scripting (XSS) via layout_options

### Impact Directus allows an authenticated attacker to save cross site scripting code to the database. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with [CVE-2024-6534](https://github.com/directus/directus/security/advisories/GHSA-3fff-gqw3-vj86), it could result in account takeover. ### PoC To exploit this vulnerability, we need to do the following steps using a non-administrative, default role attacker account. 1. Upload the following JavaScript file. Using the upload functionality at `POST /files`. This PoC will show an alert message. ```js export TARGET_HOST="http://localhost:8055" export ATTACKER_EMAIL="malicious@malicious.com" export ATTACKER_PASSWORD="123456" root_dir=$(dirname $0) mkdir "${root_dir}/static" curl -s -k -o /dev/null -w "%{http_code}" -X 'POST' "${TARGET_HOST}/auth/login" \ -c "${root_dir}/static/attacker_directus_se...

GHSA-74j9-xhqr-6qv3: Reflected Cross Site Scripting (XSS) in error message

If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.

GHSA-222v-cx2c-q2f5: phpMyAdmin XSS when checking tables

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.

GHSA-788m-27g4-cf86: Cross site scripting in Silverpeas Core

Stored Cross-Site Scripting (XSS) in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.