#git

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive

Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature.

Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.

### Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. ### Patches The issue has been patched in the `v0.34.34` and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption. ### Workarounds There are currently no workaround for older versions, and the recommendation is to upgrade. ### References The issue was reported by an independent researcher in our Community Slack and has been promptly patched in the recent update.

A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.

The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference (IDOR) vulnerability with the potential to expose internal content elements.

The extension fails to check access permissions for the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts. Another missing access check in the backend module of the extensions allows an authenticated backend user to perform various actions (userLogout, confirmUser, refuseUser and resendUserConfirmation) for any frontend user in the system.

The “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection (TYPO3 10.4 and above) and to Arbitrary Code Execution (TYPO3 9.5 and below). A valid backend user account having access to the Direct Mail "Configuration" backend module is needed in order to exploit this vulnerability.

### Summary When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the [SVG document does not reference itself](https://github.com/dompdf/dompdf/blob/v2.0.3/src/Image/Cache.php#L136-L153). However, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. ### Details php-svg-lib, when run in isolation, does not support SVG references for `image` elements. An SVG document can, however, be referenced and Dompdf will run that reference through the same validation. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion in the validation process by chaining references between two or more SVG images. ### PoC Thi...