Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

GHSA-m6fv-jmcg-4jfg: send vulnerable to template injection that can lead to XSS

### Impact passing untrusted user input - even after sanitizing it - to `SendStream.redirect()` may execute untrusted code ### Patches this issue is patched in send 0.19.0 ### Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist ### Details successful exploitation of this vector requires the following: 1. The attacker MUST control the input to response.redirect() 1. express MUST NOT redirect before the template appears 1. the browser MUST NOT complete redirection before: 1. the user MUST click on the link in the template

ghsa
Open in Source
#xss#js
GHSA-cm22-4g7w-348p: serve-static vulnerable to template injection that can lead to XSS

### Impact passing untrusted user input - even after sanitizing it - to `redirect()` may execute untrusted code ### Patches this issue is patched in serve-static 1.16.0 ### Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist ### Details successful exploitation of this vector requires the following: 1. The attacker MUST control the input to response.redirect() 1. express MUST NOT redirect before the template appears 1. the browser MUST NOT complete redirection before: 1. the user MUST click on the link in the template

GHSA-qw6h-vgh9-j6wx: express vulnerable to XSS via response.redirect()

### Impact In express <4.20.0, passing untrusted user input - even after sanitizing it - to `response.redirect()` may execute untrusted code ### Patches this issue is patched in express 4.20.0 ### Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist ### Details successful exploitation of this vector requires the following: 1. The attacker MUST control the input to response.redirect() 1. express MUST NOT redirect before the template appears 1. the browser MUST NOT complete redirection before: 1. the user MUST click on the link in the template

GHSA-78vg-7v27-hj67: auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

### Summary Unescaped entity property enables Javascript injection. ### Details I think this is possible because %source_label% in twig macro is not escaped. Therefore script tags can be inserted and are executed. ### PoC - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create author with FullName <script>alert()</script> - delete author - view audit of authors - alert is displayed ### Impact persistent XSS. JS can be injected and executed.

Gallup Addresses XSS Bugs in Website

Researchers flagged a pair of Gallup site XSS vulnerabilities.

Gallup.com Bugs Open Door to Election Misinformation

Researchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account.

CVE-2024-43476: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to navigate to a page with malicious content to be compromised by the attacker.

GHSA-28h4-788g-rh42: Craft CMS vulnerable to stored XSS in breadcrumb list and title fields

### Summary Multiple Stored XSS can be triggered by the breadcrumb list and title fields with user input. ### Details 1. In the **/admin/categories** page, category title isn't sanitized and triggered xss. 2. In the category edit page under the **/admin/categories/**, category title in breadcrumb list isn't sanitized and triggered xss. 3. In the **/admin/entries** page, entry title isn't sanitized and triggered xss. 4. In the entry edit page under the **/admin/entries/**, entry title in breadcrumb list isn't sanitized and triggered xss. 5. In the **/admin/myaccount** and pages under it, username or full name in breadcrumb list isn't sanitized and triggered xss. ### Impact Malicious users can tamper with the control panel. ### PoC #### 1. In the **/admin/categories** page, category title isn't sanitized and triggered xss. ``` 1. Access to the Settings -> Categories ( /admin/settings/categories ) 2. Create new category group 3. Access to the Categories page ( /admin/categories/ ) 4. P...