Source
ghsa
### Impact ValidateCore::isCleanHTML() method of Prestashop misses hijickable events which can lead to XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS which hijacks HTML attributes will be triggered without any interaction of the visitor/administrator which makes it as dangerous as a trivial XSS. Contrary to most XSS which target HTML attributes and which are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. ### Patches The patch will be on PS 8.0.4 and PS 1.7.8.9 ### References
### Impact SQL filtering vulnerability, a BO user can write, update and delete in the database, even without having specific rights. ### Patches PrestaShop 8.0.4 and 1.7.8.9 will contain the patch. ### Workarounds no ### References no
## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgvh-p3g4-86jw. This link is maintained to preserve external references. ## Original Description Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the `My Videos` tab https://demo.avideo.com/mvideos 2. Click "Embed a video link" Append a command to the url as a query string. eg. `?whoami` then click Save This issue has been resolved in commit `236228f15`
CraftCMS prior to version 3.7.68 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
### Summary Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. ### Original Report @brettcurtis: > Hopefully, I'm not doing something stupid here, but I'm seeing sensitive outputs printed in the kitchen output. You can check this action for an example: https://github.com/osinfra-io/terraform-google-project/actions/runs/4700065515/jobs/8334277309#step:5:215 > > It's not really a sensitive value just used it as an example.
### Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. In earlier versions there is no control over what kinds of files can be uploaded. Thus a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files causing vulnerable browsers to execute malicious code on another computer or attempting XSS attacks. Stored XSS attacks via file uploads have been fixed in earlier versions of Kiwi TCMS, see [GHSA-2wcr-87wf-cf9j](https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-2wcr-87wf-cf9j). This advisory deals with prohibiting users to upload potentially compromised files in the first place. ### Patches Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `<script>` tag, regardless of their t...
### Impact Affected versions of Laminas Diactoros accepted a single line feed (LF / `\n` ) character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due to the header line being terminated too early. An attacker that is able to control the header names that are passed to Laminas Diactoros would be able to intentionally craft invalid messages, possibly causing application errors or invalid HTTP requests being sent out with an PSR-18 HTTP client. The latter might present a denial of service vector if a remote service’s web application firewall bans the application due to the receipt of malformed requests. ### Patches The problem has been patched in the following versions: - 2.18.1 - 2.19.1 - 2.20.1 - 2.21.1 - 2.22.1 - 2.23.1 - 2.24.2 - 2.25.2 ### Workarounds Validate HTTP header keys and/or values, and if using user-supplied values...
### Impact Frederic Linn (@FredericLinn) has reported a series of vulnerabilities that can result in directory traversal, file write, and potential remote code execution on Jellyfin instances. The general process involves chaining several exploits including a stored XSS vulnerability and can be used by an unprivileged user. The general process is (using the example of setting an intro video as the payload): * Create a session as a low-priviledged user with a crafted authorization header * Upload an executable that contains a malicious plugin inline via /ClientLog/Document * (Admin hovers over our device in dashboard -> XSS payload gets triggered) * XSS Payload tries to set encoder path to our uploaded "log" file via /System/MediaEncoder/Path * The request fails, but in the process our executable actually runs (I guess for verifying if the path points to a valid ffmpeg version) * The executable will create a plugin folder and place the inlined plugin DLL inside it * The XSS payload sh...
### Impact A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no longer validates any resources, which may result in severe privilege escalations and data corruption. The issue only affects users that upgrade from `2.6.x` or `2.7.x` to `2.7.2`. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. The command below can be executed on the `local` cluster to determine whether the cluster is affected by this issue: ```sh $ kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io rancher.cattle.io NAME WEBHOOKS AGE rancher.cattle.io 0 19h ``` If the resulting webhook quantity is `0`, the Rancher instance is affected. ### Patches Patched versions include release `2.7.3` ...