Tag

#auth

CVE-2023-47546: WordPress OneClick Chat to Order plugin <= 1.0.4.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walter Pinem OneClick Chat to Order plugin <= 1.0.4.2 versions.

CVE-2023-47547: WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions.

CVE-2023-47549: WordPress EazyDocs plugin <= 2.3.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions.

CVE-2023-47533: WordPress Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions.

CVE-2023-47544: WordPress Atarim plugin <= 3.12 - Unauthenticated Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions.

CVE-2023-47640: Insecure Use of HMAC-SHA1 For Session Signing

DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA-1 with a 10-byte key can be brute forced using sufficient resources (i.e. state-level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings, which utilizes a SHA-1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or an attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are af...

GHSA-3fx3-85r4-8j3w: Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability

# Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability

## Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 6.0, ASP.NET Core 7.0, and ASP.NET Core 8.0 RC2. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A security feature bypass vulnerability exists in ASP.NET where an unauthenticated user is able to bypass validation on Blazor server forms, which could trigger unintended actions.

## Announcement

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/288

### Mitigation factors

This vulnerability only affects ASP.NET Core Blazor apps. Other application types, including ASP.NET Core apps which do not utilize Blazor, are not affected.

## Affected software

* Any ASP...

GHSA-xx9p-xxvh-7g8j: Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks

### Impact

Aiohttp has a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. As we know that HTTP/1.1 is persistent, if we have both Content-Length (CL) and Transfer-Encoding (TE) it can lead to incorrect interpretation by two entities that parse the HTTP, and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy (frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE; the frontend entity will ignore this header and will parse Content-Length. I can give a Dockerfile with the configuration if you want. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers; also, if an Open Redirect is present (just like CVE-2021-21330), we can combine it to redirect random users to our website and lo...

CVE-2023-47127: Weak Authentication in Session Handling

TYPO3 is an open source PHP-based web content management system released under the GNU GPL. In TYPO3 installations there are always at least two different sites, e.g. first.example.org and second.example.com. In affected versions, a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-47554: WordPress Actueel Financieel Nieuws – Denk Internet Solutions plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DenK BV Actueel Financieel Nieuws – Denk Internet Solutions plugin <= 5.1.0 versions.