Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-7grw-xfx6-qhx6: Joplin Cross-site Scripting vulnerability

Joplin before 2.11.5 allows XSS via a USE element in an SVG document.

ghsa
Open in Source
#xss#vulnerability#git
GHSA-4jjv-p8x9-rrf7: Joplin Cross-site Scripting vulnerability

Joplin before 2.11.5 allows XSS via an AREA element of an image map.

GHSA-7px2-3c2p-q4v4: flatnest Prototype Pollution vulnerability

All versions of the package flatnest are vulnerable to Prototype Pollution via the `nest()` function in `flatnest/nest.js` file.

GHSA-v6g2-jwrm-h5r5: phpMyFAQ Cross-site Scripting

phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can be displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript code in the file is executed.

GHSA-ccrc-9x59-3vc4: requests-xml XML External Entity Injection vulnerability

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.

GHSA-vv6q-6hwp-vrgp: easy-parse XML External Entity Injection vulnerability

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.

GHSA-j6v2-mwxm-f952: py-xml XML External Entity Injection vulnerability

py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.

GHSA-4g8v-vg43-wpgf: Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to

The `redirect_to` method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been assigned the CVE identifier CVE-2023-28362. Versions Affected: All. Not affected: None Fixed Versions: 7.0.5.1, 6.1.7.4 # Impact This introduces the potential for a Cross-site-scripting (XSS) payload to be delivered on the now static redirection page. Note that this both requires user interaction and for a Rails app to be configured to allow redirects to external hosts (defaults to false in Rails >= 7.0.x). # Releases The FIXED releases are available at the normal locations. # Workarounds Avoid providing user supplied URLs with arbitrary schemes to the `redirect_to` method.

GHSA-373w-rj84-pv6x: SafeURL-Python's hostname blocklist does not block FQDNs

### Description If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host (e.g. adding `.` to the end). ### Impact The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library user had specifically set certain hostnames as blocked, then an attacker would be able to circumvent that block to cause SSRFs to request those hostnames. ### Patches Fixed by https://github.com/IncludeSecurity/safeurl-python/pull/6 ### Credit https://github.com/Sim4n6

GHSA-mm87-c3x2-6f89: Apache Airflow JDBC Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.