CVE-2022-25507: XSS through Emergency Alert · Issue #28 · FreeTAKTeam/UI

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter.


In the FreeTAKServer-UI there is a function to create and view Emergency Alerts that originate either from an End User Device (EUD) or from the UI itself. Both avenues are susceptible to a stored cross-site scripting vulnerability in the Callsign parameter.

Web Interface

In the case of an XSS in the WebUI, it is as simple as setting a callsign to the payload <img src onerror=alert(/payload/)>, which triggers the Emergency function and displays the emergency in the WebUI.

(Screenshot: xss_webui_payload)

(Screenshot: xss_webui_alert)

End User Device

A more interesting scenario is that it is possible to push Emergencies from any of the EUDs; these can range from a 911 or TIC (Troops in Contact) alert to similar types.

This can be chained with the API key leakage in the response in order to obtain a server RestAPI key for further exploitation, which can take a normal user in the field to a web server admin.

(Screenshot: xss_enduserdevice_payload)

(Screenshot: xss_enduserdevice_webui_payload)

(Screenshot: xss_enduserdevice_alert)
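A defensive counterpart to both paths described above (WebUI and EUD), added here as an example and not FreeTAKServer-UI's own code: a server-side callsign allow-list for alerts arriving from EUDs, and HTML-escaping of the callsign when the Emergency Alert is rendered, run against the payload quoted in the issue. The render functions, the triage helper and the callsign format rule are assumptions for illustration.

```python
"""Defensive handling of the Emergency Alert 'Callsign' field.

Added example, not FreeTAKServer-UI code. The field name and the payload
come from the CVE description; the render functions, the triage helper
and the callsign format rule are assumptions for illustration.
"""
import html
import re

# Constructed sample values: the payload quoted in the issue and a benign callsign.
PAYLOAD_CALLSIGN = "<img src onerror=alert(/payload/)>"
BENIGN_CALLSIGN = "ALPHA-01"

# Assumed allow-list: a callsign is 1-32 characters of letters, digits, '-' or '_'.
CALLSIGN_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def is_valid_callsign(callsign: str) -> bool:
    """Input-side check: reject anything that is not a plausible callsign."""
    return bool(CALLSIGN_RE.fullmatch(callsign))


def triage_alerts(alerts):
    """Split incoming emergency alerts (e.g. from EUDs) into accepted and rejected.
    Rejected entries are the ones a defender would log and investigate."""
    accepted, rejected = [], []
    for alert in alerts:
        target = accepted if is_valid_callsign(alert["callsign"]) else rejected
        target.append(alert)
    return accepted, rejected


def render_alert_vulnerable(callsign: str, alert_type: str) -> str:
    """Mirrors the flaw: attacker-controlled callsign interpolated raw into HTML."""
    return f"<div class='emergency'>{alert_type} from {callsign}</div>"


def render_alert_hardened(callsign: str, alert_type: str) -> str:
    """Output-side fix: HTML-escape both fields; quote=True also covers attribute contexts."""
    return (
        f"<div class='emergency'>{html.escape(alert_type, quote=True)} from "
        f"{html.escape(callsign, quote=True)}</div>"
    )


if __name__ == "__main__":
    batch = [{"callsign": BENIGN_CALLSIGN, "type": "911"},
             {"callsign": PAYLOAD_CALLSIGN, "type": "TIC"}]
    ok, bad = triage_alerts(batch)
    print(f"accepted={len(ok)} rejected={len(bad)}")
    print(render_alert_vulnerable(PAYLOAD_CALLSIGN, "911"))
    print(render_alert_hardened(PAYLOAD_CALLSIGN, "911"))
```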
