CVE-2021-25988: [#2052] Fix stored XSS in Notifications · ifmeorg/ifme@720a470

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to a stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.


@@ -4,7 +4,7 @@ let(:uniqueid) { ‘uniqueid’ }
describe ‘#comment_link’ do it ‘returns correct link’ do it ‘returns the correct link’ do data = { cutoff: false, user: 'Julia Nguyen’, @@ -16,27 +16,60 @@ } expect(comment_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/moments/1">Julia Nguyen commented “Hello” on typename</a>’) end
it ‘sanitizes and returns the correct link’ do data = { cutoff: false, user: '<IFRAME SRC="javascript:alert(document.domain);"></IFRAME>’, email: '[email protected]’, comment: 'Hello’, typename: 'typename’, type: 'type_comment_moment’, typeid: 1, commentable_id: 1 } expect(comment_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/moments/1">[email protected] commented “Hello” on typename</a>’) end end
describe ‘#accepted_ally_link’ do it ‘returns correct link’ do it ‘returns the correct link’ do data = { user: 'Julia Nguyen’, uid: ‘uid’ } expect(accepted_ally_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/profile?uid=uid">Julia Nguyen accepted your ally request!</a>’) end
it ‘sanitizes and returns the correct link’ do data = { user: '<IFRAME SRC="javascript:alert(document.domain);"></IFRAME>’, email: '[email protected]’, uid: ‘uid’ } expect(accepted_ally_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/profile?uid=uid">[email protected] accepted your ally request!</a>’) end end
describe ‘#new_ally_request_link’ do it ‘returns correct link’ do it ‘returns the correct link’ do data = { user: 'Julia Nguyen’, uid: 'uid’, user_id: 1 } expect(new_ally_request_link(uniqueid, data)).to eq(‘<div id="uniqueid"><div><a href="/profile?uid=uid">Julia Nguyen</a> sent an ally request!</div><div><a rel="nofollow" data-method="post" href="/allies/add?ally_id=1">Accept</a> | <a data-confirm="Are you sure?" rel="nofollow" data-method="post" href="/allies/remove?ally_id=1">Reject</a></div></div>’) end
it ‘sanitizes and returns the correct link’ do data = { user: '<IFRAME SRC="javascript:alert(document.domain);"></IFRAME>’, email: '[email protected]’, uid: 'uid’, user_id: 1 } expect(new_ally_request_link(uniqueid, data)).to eq(‘<div id="uniqueid"><div><a href="/profile?uid=uid">[email protected]</a> sent an ally request!</div><div><a rel="nofollow" data-method="post" href="/allies/add?ally_id=1">Accept</a> | <a data-confirm="Are you sure?" rel="nofollow" data-method="post" href="/allies/remove?ally_id=1">Reject</a></div></div>’) end end
describe ‘#group_link’ do @@ -48,32 +81,57 @@ group_id: 1 } end let(:dirty_data) do { type: type, user: '<IFRAME SRC="javascript:alert(document.domain);"></IFRAME>’, email: '[email protected]’, group: 'Group name’, group_id: 1 } end context ‘type is new_group’ do let(:type) { ‘new_group’ } it ‘returns correct link’ do it ‘returns the correct link’ do expect(group_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/groups/1">Julia Nguyen created a group "Group name"</a>’) end
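Review bot: The new "sanitizes and returns the correct link" cases in this hunk, and likewise in the group_link and meeting_link hunks that follow, feed the HTML payload only through `user`, while the expected anchors also interpolate `comment`, `typename` and `group` as literal text (`commented “Hello”`, `created a group "Group name"`). If those attributes can also originate from user input, the helpers' handling of them is left untested by this change. A parallel `dirty_data` case per field, for example `comment: '<b>Hello</b>'` with the expectation set to whatever the helper actually emits (escaped or stripped), would pin that behaviour alongside the `user` fallback to the email address shown here. Whether the helper escapes or strips non-user fields cannot be read off the spec alone, so the expected string should be taken from the helper's implementation rather than assumed.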
it ‘sanitizes and returns the correct link’ do expect(group_link(uniqueid, dirty_data)).to eq(‘<a id="uniqueid" href="/groups/1">[email protected] created a group "Group name"</a>’) end end
context ‘type is new_group_member’ do let(:type) { ‘new_group_member’ } it ‘returns correct link’ do it ‘returns the correct link’ do expect(group_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/groups/1">Julia Nguyen joined your group "Group name"</a>’) end
it ‘sanitizes and returns the correct link’ do expect(group_link(uniqueid, dirty_data)).to eq(‘<a id="uniqueid" href="/groups/1">[email protected] joined your group "Group name"</a>’) end end
context ‘type is add_group_leader’ do let(:type) { ‘add_group_leader’ } it ‘returns correct link’ do it ‘returns the correct link’ do expect(group_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/groups/1">Julia Nguyen became a leader of "Group name"</a>’) end
it ‘sanitizes and returns the correct link’ do expect(group_link(uniqueid, dirty_data)).to eq(‘<a id="uniqueid" href="/groups/1">[email protected] became a leader of "Group name"</a>’) end end
context ‘type is remove_group_leader’ do let(:type) { ‘remove_group_leader’ } it ‘returns correct link’ do it ‘returns the correct link’ do expect(group_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/groups/1">Julia Nguyen is no longer a leader of "Group name"</a>’) end
it ‘sanitizes and returns the correct link’ do expect(group_link(uniqueid, dirty_data)).to eq(‘<a id="uniqueid" href="/groups/1">[email protected] is no longer a leader of "Group name"</a>’) end end end
@@ -88,32 +146,59 @@ typeid: 1 } end let(:dirty_data) do { type: type, user: '<IFRAME SRC="javascript:alert(document.domain);"></IFRAME>’, email: '[email protected]’, group: 'Group name’, typename: 'Meeting name’, group_id: 1, typeid: 1 } end context ‘type is new_meeting’ do let(:type) { ‘new_meeting’ } it ‘returns correct link’ do it ‘returns the correct link’ do expect(meeting_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/meetings/1">Julia Nguyen created a new meeting “Meeting name” for "Group name"</a>’) end
it ‘sanitizes and returns the correct link’ do expect(meeting_link(uniqueid, dirty_data)).to eq(‘<a id="uniqueid" href="/meetings/1">[email protected] created a new meeting “Meeting name” for "Group name"</a>’) end end
context ‘type is remove_meeting’ do let(:type) { ‘remove_meeting’ } it ‘returns correct link’ do it ‘returns the correct link’ do expect(meeting_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/groups/1">Julia Nguyen has cancelled “Meeting name” for "Group name"</a>’) end
it ‘sanitizes and returns the correct link’ do expect(meeting_link(uniqueid, dirty_data)).to eq(‘<a id="uniqueid" href="/groups/1">[email protected] has cancelled “Meeting name” for "Group name"</a>’) end end
context ‘type is update_meeting’ do let(:type) { ‘update_meeting’ } it ‘returns correct link’ do it ‘returns the correct link’ do expect(meeting_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/meetings/1">Julia Nguyen has updated “Meeting name” for "Group name"</a>’) end
it ‘sanitizes and returns the correct link’ do expect(meeting_link(uniqueid, dirty_data)).to eq(‘<a id="uniqueid" href="/meetings/1">[email protected] has updated “Meeting name” for "Group name"</a>’) end end
context ‘type is join_meeting’ do let(:type) { ‘join_meeting’ } it ‘returns correct link’ do it ‘returns the correct link’ do expect(meeting_link(uniqueid, data)).to eq(‘<a id="uniqueid" href="/meetings/1">Julia Nguyen has joined “Meeting name” for "Group name"</a>’) end
it ‘sanitizes and returns the correct link’ do expect(meeting_link(uniqueid, dirty_data)).to eq(‘<a id="uniqueid" href="/meetings/1">[email protected] has joined “Meeting name” for "Group name"</a>’) end end end end
