Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-gp6m-fq6h-cjcx: Magento LTS vulnerable to stored XSS in admin file form

### Summary OpenMage is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. ### Details `Mage_Adminhtml_Block_System_Config_Form_Field_File` does not escape filename value in certain situations. Same as: https://nvd.nist.gov/vuln/detail/CVE-2024-20717 ### PoC 1. Create empty file with this filename: `<img src=x onerror=alert(1)>.crt` 2. Go to _System_ > _Configuration_ > _Sales | Payment Methonds_. 3. Click **Configure** on _PayPal Express Checkout_. 4. Choose **API Certificate** from dropdown _API Authentication Methods_. 5. Choose the XSS-file and click **Save Config**. 6. Profit, alerts "1" -> XSS. 7. Reload, alerts "1" -> Stored XSS. ### Impact Affects admins that have access to any fileupload field in admin in core or custom implementations. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

ghsa
Open in Source
#xss#vulnerability#git#java#auth
Safe Data Sharing Practices: How to Avoid Data Leaks

By Owais Sultan The Internet offers a convenient platform for sharing data, but it also brings the risk of data leaks.… This is a post from HackRead.com Read the original post: Safe Data Sharing Practices: How to Avoid Data Leaks

Hospital Management System 1.0 Insecure Direct Object Reference / Account Takeover

Hospital Management System version 1.0 suffers from insecure direct object reference and account takeover vulnerabilities.

Hospital Management System 1.0 Cross Site Scripting

Hospital Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Hospital Management System 1.0 SQL Injection

Hospital Management System version 1.0 suffers from a remote SQL injection vulnerability.

perl2exe 30.10C Arbitrary Code Execution

Executables created with perl2exe versions 30.10C and below suffer from an arbitrary code execution vulnerability.

Automatic-Systems SOC FL9600 FastLine Hardcoded Credentials

Automatic-Systems SOC FL9600 FastLine version V06 has hardcoded credentials for super admin functionality.

Automatic-Systems SOC FL9600 FastLine Directory Traversal

Automatic-Systems SOC FL9600 FastLine version V06 suffers from a directory traversal vulnerability.

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any unauthenticated user

TimbreStealer campaign targets Mexican users with financial lures

Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.