Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

GHSA-94cc-xjxr-pwvf: DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

### Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser _may_ execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter privileges in the repository. The submitter must upload the malicious HTML/XML/JavaScript file themselves. The attack itself would not occur until a different authenticated user downloads the malicious file. CORS and CSRF protection built into DSpace help to limit the impact of the attack (and may block it in some scenarios). If the repository is configured to only download HTML / XML / JavaScript Bitstreams using the [`Content-Disposition: attachment`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition) header, then the attack is no longer possible. See "Workarounds" below. ### Patches The fix is included in both 8.0 and 7.6.2. Please upgrade to one of t...

ghsa
#xss#csrf#vulnerability#web#ios#mac#apache#git#java#nginx#auth
Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection

Carbon Forum version 5.9.0 suffers from access control, cross site request forgery, file upload, outdated library, and remote SQL injection vulnerabilities.

Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery

Paradox IP150 Internet Module version 1.40.00 suffers from a cross site request forgery vulnerability.

Cacti Import Packages Remote Code Execution

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The module finally triggers the payload to execute arbitrary PHP code in the context of the user running the web server. Authentication is needed and the account must have access to the Import Packages feature. This is granted by setting the Import Templates permission in the Template Editor section.

Siemens SINEC Traffic Analyzer

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC Traffic Analyzer Vulnerabilities: Out-of-bounds Write, Insufficient Session Expiration, Cross-Site Request Forgery (CSRF), Insufficiently Protected Credentials, Exposed Dangerous Method or Function, Cleartext Transmission of Sensitive Information, Sensitive Cookie in HTTPS Session Without 'Secure' Attribute, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, disclose sensitive information, or modify files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRO...

Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR

Kiuwan SAST versions prior to 2.8.2402.3, Kiuwan Local Analyzer versions prior to master.1808.p685.q13371, and Kiuwan SaaS versions prior to 2024-02-05 suffer from XML external entity injection, cross site scripting, insecure direct object reference, and various other vulnerabilities.

GHSA-xg9w-r469-m455: ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities

In Zend Framework 2, the `Zend\Math\Rand` component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's `mt_rand()` function as a fallback. All outputs from `mt_rand()` are predictable for the same PHP process if an attacker can brute force the seed used by the Marsenne-Twister algorithm in a Seed Recovery Attack. This attack can be successfully applied with minimum effort if the attacker has access to either a random number from `mt_rand()` or a Session ID generated without using additional entropy. This makes `mt_rand()` unsuitable for generating non-trivial random bytes since it has Insufficient Entropy to protect against brute force attacks on the seed. The `Zend\Validate\Csrf` component generates CSRF tokens by SHA1 hashing a salt, random number possibly generated using `mt_rand()` and a form name. Where the salt is known, an attacker can brute force the SHA1 hash with minimum effort to discover the random number when `mt_rand...

GHSA-4m3g-6r7g-jv4f: Arbitrary JavaScript execution due to using outdated libraries

### Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. ### PoC 1. Generate a pdf file with a malicious script in the fontmatrix. (This will run `alert(‘XSS’)`.) [poc.pdf](https://github.com/user-attachments/files/15516798/poc.pdf) 2. Run the app. In this PoC, I've used the demo for a simple proof. ![1](https://github.com/freddyaboulton/gradio-pdf/assets/114328108/d1bb7626-3d0f-4984-8873-297658d6e77e) 3. Upload a PDF file containing the script. ![2](https://github.com/freddyaboulton/gradio-pdf/assets/114328108/803d8080-c946-446e-bb34-cf5640e1b4de) 4. Check that the script is running. ![3](https://github.com/freddyaboulton/gradio-pdf/assets/114328108/4956b95f-acca-4bb1-a3c2-7dfc96adf890) ### Impact Malicious scripts can be injected into the code, and when linked with vulnerabilities such as CSRF, it can cause even greater damage. In particular, It can become a source of further attacks, e...

Monstra CMS 3.0.4 Remote Code Execution

Monstra CMS version 3.0.4 suffers from a remote code execution vulnerability. Original discovery of code execution in this version is attributed to Ishaq Mohammed in December of 2017.