The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.

CVE-2022-44724

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.

**Advisory ID:** SVD-2022-1101

**Published:** 2022-11-02

**CVSSv3.1 Score:** 6.4, M 6.4, Medium

**CWE:** CWE-79

**CVE ID:** CVE-2022-43561

**Last Update:** 2022-11-02

**CVSSv3.1 Vector:** CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

**Bug ID:** SPL-207040

**Description**

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.

**Solution**

For Splunk Enterprise, upgrade versions to 8.1.12, 8.2.9, 9.0.2, or higher.

  
For Splunk Cloud Platform versions below 9.0.2208, Splunk is actively patching and monitoring the Splunk Cloud instances. To request an immediate upgrade, determine which version of Splunk Cloud Platform you're running, then create a new support case.  

**Product Status**

Product

Version

Component

Affected Version

Fixed Version

Splunk Enterprise

8.1

Splunk Web

8.1.11 and lower

8.1.12

Splunk Enterprise

8.2

Splunk Web  

8.2.0 to 8.2.8

8.2.9

Splunk Enterprise

9.0

Splunk Web

9.0.0 to 9.0.1

9.0.2

Splunk Cloud Platform

  

Splunk Web

9.0.2205 and lower

9.0.2208

**Mitigations and Workarounds**

If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See Disable unnecessary Splunk Enterprise components and the web.conf configuration specification file for more information on disabling Splunk Web.  

**Detections**

**Splunk XSS in “Save Table” dialog header in search/table page**

This is a detection search to find persistent XSS that was included while inputting data in the 'Save Table' dialog in the affected versions of  Splunk Enterprise.

**Severity**

Splunk rated the vulnerability as Medium. The vulnerability lets a remote authenticated user with the power role to store arbitrary scripts, but exploitation requires a multistep process by the victim. Hence, Splunk scored the vulnerability as 6.4 with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H.

  
If the Splunk Enterprise instance does not run Splunk Web, there is no impact and the severity is Informational.  

**Acknowledgments**

Mr Hack (try\_to\_hack)

CVE-2022-43561: SVD-2022-1101 | Splunk

"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963."

**Security Bulletin**

  

**Summary**

Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP6. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.3. A vulnerability where user credentials are stored in plain cleartext in a log and could be read by an authenticated user has been addressed (CVE-2022-34339). The following 3rd party components are used by IBM Cognos Analytics: OpenSSL is a cryptography library that offers open-source application of the TLS protocol (CVE-2021-3712, CVE-2021-3711, CVE-2021-4160). Apache Commons IO is a library that provides various utility classes for common operations for File IO (CVE-2021-29425). Dijit is Dojo's UI library (CVE-2020-4051). Python is an object-oriented, programming language for web and app development (CVE-2021-3733, CVE-2021-3737, CVE-2022-0391). Async is a utility module which provides functions for working with asynchronous JavaScript (CVE-2021-43138). Jupyter Notebook is an Interactive computing platform across all programming languages (CVE-2022-24758).

**Vulnerability Details**

**CVEID:**   CVE-2021-4160  
**DESCRIPTION:**   OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to launch further attacks on the system  
CVSS Base score: 6.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218394 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

**CVEID:**   CVE-2021-3733  
**DESCRIPTION:**   Python is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the AbstractBasicAuthHandler class in urllib. By persuading a victim to visit a specially-crafted web site, a remote attacker could exploit this vulnerability to cause a denial of service condition.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213034 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2020-4051  
**DESCRIPTION:**   Dijit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Editor's LinkDialog plugin. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.  
CVSS Base score: 6.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183740 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

**CVEID:**   CVE-2021-43138  
**DESCRIPTION:**   Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues() method. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.  
CVSS Base score: 7.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223605 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2021-3711  
**DESCRIPTION:**   OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP\_PKEY\_decrypt() function within implementation of the SM2 decryption. By sending specially crafted SM2 content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.  
CVSS Base score: 9.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208072 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2022-34339  
**DESCRIPTION:**   IBM Cognos Analytics stores user credentials in plain clear text which can be read by an authenticated user.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229963 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2022-24758  
**DESCRIPTION:**   Jupyter Notebook could allow a remote attacker to obtain sensitive information, caused by the storage of auth cookie and other header values in the log files when a 5xx error is triggered. By gaining access to the log files, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223450 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2021-3737  
**DESCRIPTION:**   Python is vulnerable to a denial of service, caused by improper handling of HTTP response in the HTTP client code. By persuading a victim to visit a specially-crafted web site, a remote attacker could exploit this vulnerability to cause the client script enter an infinite loop, and results in a denial of service condition.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213407 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2022-0391  
**DESCRIPTION:**   Python could provide weaker than expected security, cause by a improper input validation by the urllib.parse module. By sending a specially-crafted request using \\r and \\n characters in the URL path. An attacker could exploit this vulnerability to perform injection attack or launch further attacks on the system.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219613 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2021-3712  
**DESCRIPTION:**   OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208073 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

**CVEID:**   CVE-2021-29425  
**DESCRIPTION:**   Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199852 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**Affected Products and Versions**

IBM Cognos Analytics 11.2.x

IBM Cognos Analytics 11.1.x

**Remediation/Fixes**

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

CVE-2022-34339 was reported to IBM by Vsevolod Ivanov and Jeff Hutchinson from EY Canada's Offensive Security practice.

**Change History**

17 Oct 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSTSF6","label":"Cognos Analytics"},"Component":"","Platform":\[{"code":"PF025","label":"Platform Independent"}\],"Version":"11.2.1, 11.2.0, 11.1.7","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2022-34339: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391

"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587."

  

**Summary**

IBM Security Guardium has fixed these vulnerabilities.

**Vulnerability Details**

**CVEID:**   CVE-2021-39077  
**DESCRIPTION:**   IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user.  
CVSS Base score: 4.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2019-12406  
**DESCRIPTION:**   Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this vulnerability to cause a denial of service condition.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/170974 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2019-12423  
**DESCRIPTION:**   Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when ships with OpenId Connect JWK Keys service. By accessing the JWK keystore file, an attacker could exploit this vulnerability to obtain the public keys in JWK format, and use this information to launch further attacks against the affected system.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174688 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2020-13954  
**DESCRIPTION:**   Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using the styleSheetPath in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.  
CVSS Base score: 6.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191650 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

**CVEID:**   CVE-2020-1954  
**DESCRIPTION:**   Apache CXF is vulnerable to a man-in-the-middle attack, caused by a flaw in JMX Integration. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178938 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2021-22696  
**DESCRIPTION:**   Apache CXF is vulnerable to a denial of service, caused by improper validation of request\_uri parameter by the OAuth 2 authorization service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the authorization server.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199335 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2021-30468  
**DESCRIPTION:**   Apache CXF is vulnerable to a denial of service, caused by an infinite loop flaw in the JsonMapObjectReaderWriter function. By sending a specially-crafted JSON to a web service, a remote attacker could exploit this vulnerability to consume available CPU resources.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203830 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2016-4658  
**DESCRIPTION:**   The libxml2 library, as used in multiple products, could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. An attacker could exploit this vulnerability using a specially crafted XML document to execute arbitrary code on the system or cause a denial of service.  
CVSS Base score: 9.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/117175 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2019-11756  
**DESCRIPTION:**   Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free of SFTKSession object. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.  
CVSS Base score: 8.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172454 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2019-17006  
**DESCRIPTION:**   Mozilla Network Security Services (NSS), as used in Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when using certain cryptographic primitives. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.  
CVSS Base score: 8.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174125 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2020-6829  
**DESCRIPTION:**   Mozilla Network Security Services (NSS), as used in Mozilla Firefox could allow a local authenticated attacker to obtain sensitive information, caused by a side-channel attack when ECDSA signatures are generated. An attacker could exploit this vulnerability to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication and obtain the private key.  
CVSS Base score: 4.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186706 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2019-11719  
**DESCRIPTION:**   Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when importing a curve25519 private key in PKCS#8format. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to obtain sensitive information.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163512 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2017-12624  
**DESCRIPTION:**   Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the AX-WS and JAX-RS services stop responding.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/135095 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2018-8039  
**DESCRIPTION:**   Apache CXF could allow a remote attacker to conduct a man-in-the-middle attack. The TLS hostname verification does not work correctly with com.sun.net.ssl interface. An attacker could exploit this vulnerability to launch a man-in-the-middle attack.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**Affected Products and Versions**

**Affected Product(s)**

**Version(s)**

IBM Security Guardium

10.5

IBM Security Guardium

10.6

IBM Security Guardium

11.0

IBM Security Guardium

11.1

IBM Security Guardium

11.2

IBM Security Guardium

11.3

IBM Security Guardium

11.4

  

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, and Ben Goodspeed from the IBM X-Force Ethical Hacking Team., John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Tr

**Change History**

18 Apr 2022: Initial Publication  
11 May 2022: Second Publication  
27 May 2022: Third Publication  
22 Sep 2022: Fourth Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"10.5, 10.6, 11.0, 11.1, 11.2, 11.3, 11.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}\]

CVE-2021-39077: IBM Security Guardium is affected by multiple vulnerabilities

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592.

  

**Summary**

A cross-site scripting vulnerability in InfoSphere Information Server was addressed.

**Vulnerability Details**

**CVEID:**   CVE-2022-30615  
**DESCRIPTION:**   IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 6.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227592 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

**CVEID:**   CVE-2022-35642  
**DESCRIPTION:**   IBM InfoSphere Information Server is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 6.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230946 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

InfoSphere Information Server

11.7

**Remediation/Fixes**

**Product**

**VRMF**

**APAR**

**Remediation**

InfoSphere Information Server, InfoSphere Information Server on Cloud

11.7

JR65048

\--Apply IBM InfoSphere Information Server version 11.7.1.0  
\--Apply IBM InfoSphere Information Server version 11.7.1.4

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

The vulnerability was reported to IBM by Maksymilian Kubiak & Marcin Węgłowski (AFINE Team) and by Ivan Bennink-Kozlov

**Change History**

14 Oct 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSZJPZ","label":"InfoSphere Information Server"},"Component":"","Platform":\[{"code":"PF033","label":"Windows"},{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"}\],"Version":"11.7","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2022-30615: Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2022-30615, CVE-2022-35642)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress.

*   Details
*   Reviews
*   Support
*   Development

Publique banners no seu blog de maneira rápida e efetiva, e converta visitantes em subscribers, leads ou clientes sem precisar entender código. Esses calls-to-action (CTAs) serão publicados diretamente do seu painel do WordPress e poderão ser monitorados através do Google Analytics.

**Adicione os banners em massa**

Seus posts estão sendo criados, mas você tem problemas quando o assunto é aumentar o número de conversões? Publique seus banners em todos os seus posts sem mexer diretamente no código.

**Organize de acordo com categorias**

Para facilitar, os banners podem ser organizados para serem apresentados de acordo com a categoria dos posts do seu blog. Assim fica fácil manter o controle sobre o que cada conteúdo irá apresentar.

**Personalize e obtenha melhores resultados**

Posicione o CTA dentro dos posts escolhendo entre o topo e o final do conteúdo, programe a data do lançamento e personalize as tags HTML para obter melhores resultados.

**Analise os resultados**

Insira UTMs (as tags de monitoramento padrão do Google) para monitorar os resultados diretamente no Google Analytics.

**Outras funcionalidades**

*   Compatível com SEO.
*   Compatível com qualquer versão do WordPress, sem a necessidade de customização de estilo (CSS).
*   Compatível com AMP.
*   Responsivo (funciona em qualquer dispositivo).
*   Disponível em inglês (en) e português (pt-br).
*   Clique aqui para ver exemplos online.

Avalie o plugin deixando uma classificação ou sugira novas features no fórum de suporte.

Feito com ❤ pelo time da Rock Content no #SanPedroValley.

Rock Convert will definitely save you some hours of manual work through enabling you to scale banner distribution across your blog and converting users to leads. If you download it, you will not regret!

As estatísticas pararam de funcionar. Testei direto no PHP e direto no texto também, mas não contabiliza mais. Utilizo o plugin há tempos e funcionava. Estou usando a versão 2.9.5.

Instalei pois necessitava de uma caixa de captura para newsletter. A caixa é a com o melhor design e a mais fácil de configurar entre todas as opções que vi (testei várias). Porém a mesma não funciona no site versão AMP. Uso o AMP oficial do Wordpress. Entrei em contato com o suporte e infelizmente também não conseguiram resolver. Sá não tirei ainda do meu site, pois os demais plugins de newsletter não me agradaram.

Gostei mas o plugin não está atualizado, só queria adicionar CTA de baixar o conteúdo em páginas e não artigos. Está causando erro quando atualiza a nova versão do WordPress.

Sou desenvolvedor e sempre instalo nos WP que faço. Com ele de maneira muito fácil você consegue colocar e partes estratégicas do site um action para sua LP e assim aumentar o número de leads

Ainda não experimentei pois o WP só permite instalação de plugins no plano pago(pago eu utilizo o Wix). Ou plano de hospedagem profissional, mas a princípio para uma forma de adSense da RockContent.

Read all 20 reviews

“Rock Convert” is open source software. The following people have contributed to this plugin.

Contributors

*    Rock Content

**3.0.0**

*   Revisão completa do plugin
*   Refatorado o código para melhor desempenho e segurança
*   Todas as variáveis e opções foram escapadas a fim de evitar ataques XSS
*   Refatoração baseada no WordPress Coding Standard

**2.11.0**

Correção:  
\* Corrigidos pontos de vulnerabilidade XSS  
\* Melhoria na semântica dos formulários da área administrativa  
\* Corrigida chamada a API Rest

**2.10.2**

Improvements:  
\* Improvements in the plugin security

**2.10.1**

Correção:  
\* Css which affected the theme fixed

**2.10.0**

Correção:  
\* Fix popup front

**2.9.9**

Correção:  
\* Fix query categories and layout admin

**2.9.8**

Correção:  
\* Correção do formulário de popup

**2.9.7**

Correção:  
\* Melhorias no layout do preview

**2.9.6**

Correção:  
\* Correção de chamada de função javascript  
\* Melhorias no layout do preview

**2.9.5**

Correção:  
\* Correção dos endpoints rest

**2.9.4**

Correção:  
\* Correção de css dos titulos do blog

**2.9.3**

Correção:  
\* Correção de versão do arquivo javascript

**2.9.2**

Correção:  
\* Correção de bug no campo de widget

**2.9.1**

Correção:  
\* Correção de bug no layout do admin

**2.9**

Novidades:  
\* Adição de nova funcionalidade de popup exit

**2.8.1**

Melhorias:  
\* Corrigida chamada rest  
\* Corrigida quebra de layout no painel

**2.8**

Novidades:  
\* Adicionado novos campos para o formulário do widget

**2.7.1**

Novidades:  
\* Adicionado painel para visualização das leads

**2.7.0**

Novidades:  
\* Suporte a tags  
\* Possibilidade de escolher regras de exibição mais refinadas

**2.2.0**

Novidades:  
\* Nova funcionalidade: Barra de anúncios no topo do site  
\* Nova funcionalidade: CTA customizavel na barra lateral

Melhorias:  
\* Altera separador ao exportar para arquivo CSV de ; para ,  
\* Permite alterar a mensagem de sucesso do widget Caixa de captura  
\* Permite alterar o titulo e o texto do botão na caixa de download

**2.1.4**

Melhorias:  
\* Adiciona suporte a event tracking para o Google Analytics  
\* Reduz o tamanho do script necessário para utilizar o Rock Convert

**2.1.3**

Correção:  
\* Previne que aconteça o Fatal Error na função get\_rest\_url

Melhorias:  
\* Previne que as visualizações dos CTAs sejam bloqueadas por plugins de cache

**2.1.2**

Melhorias:  
\* Permite cadastrar parametros customizados no link do CTA  
\* Adiciona suporte ao WordPress 5.0  
\* Adiciona formulário na página de configurações para se inscrever na newsletter do Rock Convert

**2.1**

Novas funcionalidades  
\* Adiciona Widget com caixa de captura de e-mails

**2.0.11**

Correção:  
\* Previne que o erro “Undefined index” aconteça ao mostrar banners na página do post

**2.0.0**

Melhorias:  
\* Visibilidade: Agora é possível escolher páginas onde um banner não deve aparecer;  
\* Shortcode: Todo banner tem um shortcode único que pode ser adicionado em qualquer posição de qualquer conteúdo;

Novas funcionalidades:  
\* Analytics: saiba como seus CTAs estão performando diretamente no painel do wordpress;  
\* Captura de leads: Disponibilize seus posts para download no formato PDF e capture os e-mails;  
\* Faça download dos leads no formato CSV

**1.0.0**

*   Permite criar CTAs
*   Permite selecionar as categorias onde o CTA deve aparecer
*   Permite selecionar a imagem do CTA
*   Permite selecionar onde o CTA deve aparecer (início ou fim do post)
*   Permite cadastrar as UTM Tags para o link

CVE-2022-36428: Rock Convert

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress.

**4ecps-webforms**

*   Details
*   Reviews
*   Support
*   Development

**Description**

This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

**Blocks**

This plugin provides 6 blocks.

*   4ECPS - Dynamic Content Block
*   4ECPS - Web Form
*   4ECPS - Story board
*   4ECPS Web Forms
*   4ECPS Web Forms
*   4ECPS Web Forms

**Reviews**

There are no reviews for this plugin.

**Contributors & Developers**

“4ECPS Web Forms” is open source software. The following people have contributed to this plugin.

Contributors

CVE-2022-44628: 4ECPS Web Forms

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

1.  Home
2.  Advisories
3.  Local File Read in CandidATS 3.0.0 via XXE

**Summary**

**Name**

Local File Read in CandidATS 3.0.0 via XXE

**Code name**

J.Cole

**Product**

CandidATS

**Affected versions**

Version 3.0.0

**State**

Public

**Release date**

2022-10-27

**Vulnerability**

**Kind**

XML injection (XXE)

**Rule**

083\. XML injection (XXE)

**Remote**

Yes

**CVSSv3 Vector**

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

**CVSSv3 Base Score**

6.5

**Exploit available**

Yes

**CVE ID(s)**

CVE-2022-42745

**Description**

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.

**Vulnerability**

The XXE present in CandidATS 3.0.0, allows an unauthenticated remote attacker to read arbitrary files from the server. To trigger this vulnerability, we will need to upload a malicious DOCX to the server.

**Exploitation**

In this attack we will be able to read arbitrary files from the server, through an XXE.

**Our security policy**

We have reserved the CVE-2022-42745 to refer to these issues from now on.

*   https://fluidattacks.com/advisories/policy/

**System Information**

*   Version: CandidATS 3.0.0
    
*   Operating System: GNU/Linux
    

**Mitigation**

There is currently no patch available for this vulnerability.

**Credits**

The vulnerability was discovered by Carlos Bello from Fluid Attacks' Offensive Team.

**References**

**Vendor page** https://candidats.net/

**Timeline**

2022-10-11

Vulnerability discovered.

2022-10-11

Vendor contacted.

2022-10-11

Vendor replied acknowledging the report.

2022-10-27

Public Disclosure.

CVE-2022-42749: Local File Read in CandidATS 3.0.0 via XXE | Advisories | Fluid Attacks

KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.

**Reflected Cross site scripting (XSS) in kairosdb**

Moderate severity GitHub Reviewed Published Nov 3, 2022 • Updated Nov 3, 2022

GHSA-fjhh-67wv-7gr4: Reflected Cross site scripting (XSS) in kairosdb

Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tag

#xss