Source
ghsa
The workspace/ version preview link created by a privileged (backend) user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability.
Failing to properly encode user input, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.
The default authentication service misses to invalidate empty strings as password. Therefore it is possible to authenticate backend and frontend users without password set in the database. Note: TYPO3 does not allow to create user accounts without a password. Your TYPO3 installation might only be affected if there is a third party component creating user accounts without password by directly manipulating the database.
### Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. ### PoC 1. Generate a pdf file with a malicious script in the fontmatrix. (This will run `alert(‘XSS’)`.) [poc.pdf](https://github.com/user-attachments/files/15516798/poc.pdf) 2. Run the app. In this PoC, I've used the demo for a simple proof.  3. Upload a PDF file containing the script.  4. Check that the script is running.  ### Impact Malicious scripts can be injected into the code, and when linked with vulnerabilities such as CSRF, it can cause even greater damage. In particular, It can become a source of further attacks, e...
### Impact Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. ### Patches New versions for the Aimeos HTML client 2020-2024 are available
### Impact User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server.
### Impact All users of url-to-png. Please see https://github.com/jasonraimondi/url-to-png/issues/47 ### Patches [v2.0.3](https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3) requires input url to be of protocol `http` or `https` ### Workarounds Requires upgrade. ### References - https://github.com/jasonraimondi/url-to-png/issues/47 - https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf
### Summary PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting (XSS). ### Details In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. Publish Date: 2020-04-29 URL:= https://security.snyk.io/package/npm/jquery/3.4.1
# Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: >= 6.1.0 Not affected: < 6.1.0 Fixed Versions: 6.1.7.8, 7.0.8.4, and 7.1.3.4 Impact ------ Responses with a non-HTML Content-Type are not serving the configured Permissions-Policy. There are certain non-HTML Content-Types that would benefit from having the Permissions-Policy enforced. Releases -------- The fixed releases are available at the normal locations. Workarounds ----------- N/A Patches ------- To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset. * 6-1-include...
Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a potential cross site scripting issue within the Trix editor. Releases -------- The fixed releases are available at the normal locations. Workarounds ----------- N/A Patches ------- To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset. * action_text_content_attachment_xss_7_1_stable.patch - Patch for 7.1 series Credits ------- Thank you [ooooooo_q](https://hackerone.com/ooooooo_q) for reporting this!