Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

eLitius 1.0 Backup Disclosure

eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
CVE-2023-4371

A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

E-Fun CMS 5.0 XML Injection

E-Fun CMS version 5.0 suffers from an XML external entity injection vulnerability.

CVE-2023-30498: WordPress Vimeotheque plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <= 2.2.1 versions.

CVE-2023-30747: WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem WooCommerce Easy Duplicate Product plugin <= 0.3.0.0 versions.

CVE-2023-30778: WordPress PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.

CVE-2023-4308: Changeset 2952471 for user-submitted-posts – WordPress Plugin Repository

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

GHSA-m6pf-cm3f-7876: LibreNMS Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms 23.7.0 and prior. A patch is available at commit 91c57a1ee54631e071b6b0c952d99c8ee892e824 and anticiapted to be part of version 23.8.0.

CVE-2023-4347: Fix unsanitized input injection (#15184) · librenms/librenms@91c57a1

Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.

GHSA-xc2r-jf2x-gjr8: external-svg-loader Cross-site Scripting vulnerability

### Summary According to the [docs](https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript), svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in XSS. ### Details When trying to sanitize the svg the lib [removes event attributes](https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128) such as `onmouseover`, `onclick` but the list of events is not exhaustive. Here's a list of events not removed by svg-loader. `onafterscriptexecute, onbeforecopy, onbeforecut, onbeforescriptexecute, onbeforetoggle, onbegin, onbounce, onend, onfinish, onfocusin, onfocusout, onmousewheel, onpointerrawupdate, onrepeat, onsearch, onshow, onstart, ontoggle(popover), ontouchend, ontouchmove, ontouchstart` As you can see in the POC we can use `onbegin` in `animate` tag to execute JS code with...