#xss

### Impact An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. ### Patches This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. ### References If you have any questions or comments about this advisory: Open an issue in the [Backstage repository](https://github.com/backstage/backstage) Visit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage)

Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page. This does not affect versions below 9.0.0 since they do not have the Top Navigator Bar Block. Thanks, Chu Quoc Khanh for reporting.

### Summary We discovered a DOM Clobbering vulnerability in Vite when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. Note that, we have identified similar security issues in Webpack: https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986 ### Details **Backgrounds** DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. More for information about DOM Clobbering, here are some references: [1] https://scnps.co/papers/sp23_domclob.pdf [2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/ **Gadg...

### Summary A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. ### Details The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. The following URL demonstrates the vulnerability: ``` https://wireui.dev/wireui/button?label=Cancel&1%25%7ds8dk0%3E%3Cscript%3Ealert(1)%3C/script%3Ez1qt3=1 ``` By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. ### Proof of Concept (PoC) To demonstrate the vulnerability, visit the following URL: ``` /wireui/button?label=<script>...

GibbonEdu Core version 26.0.00 suffers from a cross site scripting vulnerability that can lead to privilege escalation.

TP-Link Archer AX50 router with firmware version 1.0.11 build 2022052 suffers from a persistent cross site scripting vulnerability.

HTMLy version 2.9.9 suffers from a persistent cross site scripting vulnerability that can lead to account takeover.

Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Millbeck Communications Equipment: Proroute H685t-w Vulnerabilities: Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the device's operating system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Millbeck Communications Proroute H685t-w, a 4G router, are affected: Proroute H685t-w: Version 3.2.334 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-77 There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. CVE-2024-45682 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.2 Improper Neutralization of...

It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.x branch) and https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc (2.x branch).