Security Headlines: latest CVEs tagged #xss
Siemens SCALANCE Third-Party

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

CVSS v3 8.1
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Various third-party components used in SCALANCE W-700 devices
Vulnerabilities: Generation of Error Message Containing Sensitive Information, Out-of-bounds Write, NULL Pointer Dereference, Out-of-bounds Read, Improper Input Validation, Release of Invalid Pointer or Reference, Use After Free, Prototype Pollution

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or disclose sensitive data.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following software from Siemens is affected:

SCALANCE WAM763-1 (6GK57...

Source: us-cert
Tags: #xss #vulnerability #web #apple #dos #c++ #rce #perl
GHSA-xvfj-84vc-hrmf: Answer vulnerable to Stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

GHSA-83qr-c7m9-wmgw: Answer vulnerable to Stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

CVE-2022-41785: WordPress Gallery Images Ape plugin <= 2.2.8 - Auth. Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions.

CVE-2022-42485: WordPress Gallery with thumbnail slider plugin <= 6.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galaxy Weblinks Gallery with thumbnail slider plugin <= 6.0 versions.

CVE-2023-1536: Store XSS in create tag in answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

CVE-2023-1535: Multiple XSS @ answer/question/tag in answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

CVE-2023-1527: sec(VTLIB) purify clean javascript in href · tsolucio/corebos@aaaca69

Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.

GHSA-xrqq-wqh4-5hg2: svg-sanitizer has Cross-site Scripting Bypass

A bypass has been found that allows an attacker to upload an SVG with persistent XSS. HTML elements within CDATA needed to be sanitized correctly: the library was converting CDATA sections to a text node, so it never saw the elements inside them as DOM elements. Any data within a CDATA node will now be sanitised using [HTMLPurifier](https://github.com/ezyang/htmlpurifier). We've also removed many of the HTML and MathML elements from the allowed element list, as without `foreignObject` they are not legal within the SVG context. Additional tests have been added to the test suite to account for these new bypasses.

### Impact

This impacts all users of the `svg-sanitizer` library.

### Patches

This issue is fixed in 0.16.0 and higher.

### Workarounds

There is currently no workaround available without upgrading.

### For more information

If you have any questions or comments about this advisory:

- Open an issue in [GitHub](https://github.com/darylldoyle/svg-sanitizer/issues)
- Email us at [daryll@ens...
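The blind spot the advisory describes, as an added example that is not svg-sanitizer's own code: a Python sanitizer that allowlists element nodes but, like the pre-0.16.0 behaviour described above, lets whatever sits inside a CDATA section through unexamined, beside a version that also purifies the CDATA text. The element allowlist, the forbidden-tag list, the sample SVG and the purifier (a stdlib `HTMLParser` standing in for HTMLPurifier) are all constructed for this example; whether markup left inside CDATA actually executes depends on how the consuming application later embeds the file, which the advisory does not detail.

```python
"""Added illustration, not svg-sanitizer's own code: an element-allowlist
sanitizer that never inspects CDATA payloads, beside one that purifies
the text inside every CDATA section. Lists and sample input are constructed."""
from html.parser import HTMLParser
from xml.dom import Node, minidom

# Hypothetical allowlist of SVG elements kept by both sanitizers.
ALLOWED_ELEMENTS = {"svg", "g", "rect", "circle", "path", "style", "text"}
# Hypothetical set of tags that must never survive inside CDATA text.
FORBIDDEN_IN_CDATA = {"script", "iframe", "object", "embed", "foreignobject", "img"}

# Constructed sample: a <style> CDATA block smuggling a <script> element,
# plus a <foreignObject> that the element allowlist is expected to drop.
SAMPLE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg">'
    '<style><![CDATA[rect{fill:red} <script>alert(1)</script> ]]></style>'
    '<rect width="10" height="10"/>'
    '<foreignObject><b>x</b></foreignObject>'
    '</svg>'
)


def _walk(node):
    """Depth-first list of all descendants, materialised so removals are safe."""
    out = []
    for child in node.childNodes:
        out.append(child)
        out.extend(_walk(child))
    return out


def naive_sanitize(svg: str) -> str:
    """Element allowlist only. A CDATA section is not an element, so the
    markup it carries is never looked at and is serialised back verbatim."""
    doc = minidom.parseString(svg)
    for node in _walk(doc.documentElement):
        if node.nodeType == Node.ELEMENT_NODE and node.tagName not in ALLOWED_ELEMENTS:
            node.parentNode.removeChild(node)
    return doc.documentElement.toxml()


class _CdataPurifier(HTMLParser):
    """Stand-in for HTMLPurifier: drops forbidden tags together with their
    bodies, keeps everything else, and records what it dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.kept, self.dropped, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in FORBIDDEN_IN_CDATA:          # tag names arrive lowercased
            self.dropped.append(tag)
            self._skip += 1
        elif not self._skip:
            self.kept.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag in FORBIDDEN_IN_CDATA:
            self._skip = max(0, self._skip - 1)
        elif not self._skip:
            self.kept.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.kept.append(data)


def purify_cdata(text: str):
    """Return (cleaned text, list of forbidden tags that were removed)."""
    parser = _CdataPurifier()
    parser.feed(text)
    parser.close()
    return "".join(parser.kept), parser.dropped


def hardened_sanitize(svg: str):
    """Same allowlist, plus every CDATA section is purified in place."""
    doc = minidom.parseString(svg)
    dropped = []
    for node in _walk(doc.documentElement):
        if node.nodeType == Node.ELEMENT_NODE and node.tagName not in ALLOWED_ELEMENTS:
            node.parentNode.removeChild(node)
        elif node.nodeType == Node.CDATA_SECTION_NODE:
            clean, bad = purify_cdata(node.data)
            dropped.extend(bad)
            node.parentNode.replaceChild(doc.createCDATASection(clean), node)
    return doc.documentElement.toxml(), dropped


def cdata_markup_report(svg: str):
    """Audit check: forbidden tags still present inside CDATA sections of an
    (already sanitised) SVG. An empty list means the CDATA payloads are clean."""
    doc = minidom.parseString(svg)
    found = []
    for node in _walk(doc.documentElement):
        if node.nodeType == Node.CDATA_SECTION_NODE:
            found.extend(purify_cdata(node.data)[1])
    return found


if __name__ == "__main__":
    print("naive   :", cdata_markup_report(naive_sanitize(SAMPLE_SVG)))
    clean_svg, removed = hardened_sanitize(SAMPLE_SVG)
    print("hardened:", cdata_markup_report(clean_svg), "removed", removed)
```

Running `cdata_markup_report()` over the output of whichever sanitizer you rely on is the cheap regression check: a non-empty list means CDATA payloads are reaching the output without being examined, which is exactly the gap the 0.16.0 fix closes for svg-sanitizer.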