Security
Headlines
HeadlinesLatestCVEs

Tag

#js

Threat Round up for January 13 to January 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 13 and Jan. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

TALOS
Open in Source
#sql#vulnerability#web#mac#windows#google#microsoft#amazon#js#oracle#intel#firefox#sap
CVE-2023-23490: SQL Injection in Multiple WordPress Plugins

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.

CVE-2023-23014: Possible XSS vulnerabilities · Issue #23 · ronknight/InventorySystem

Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.

CVE-2023-22910: XSS in Wikibase date formatting

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability.

GHSA-6vf6-g3pr-j83h: pimcore is vulnerable to cross-site scripting via "title field " in data objects

### Impact The vulnerability is capable of resulting in stolen user cookies. #### Proof of Concept ``` Login with dev account https://11.x-dev.pimcore.fun/admin/?_dc=1670962076&perspective= Go to setting --> data objects --> classes --> events Click media under genaral settings Add payload in title field. Go to data objects module and open events, xss will trigger // PoC.js "><iMg SrC="x" oNeRRor="alert(xss);"> ``` ### Patches Update to version 10.5.14 or apply this patch manually https://github.com/pimcore/pimcore/pull/13916.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/13916.patch manually. ### References https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343/

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation

OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.

OpenText Extended ECM 22.3 cs.exe Remote Code Execution

OpenText Extended ECM versions 20.4 through 22.3 suffer from a pre-authentication remote code execution vulnerability in cs.exe.

Red Hat Security Advisory 2023-0264-01

Red Hat Security Advisory 2023-0264-01 - An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

Git security audit reveals critical overflow bugs

Uncovered vulnerabilities include several high, medium, and low-security issues

CVE-2023-23596: nginx-proxy-manager/access-list.js at 4f10d129c20cc82494b95cc94b97f859dbd4b54d · NginxProxyManager/nginx-proxy-manager

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to execute arbitrary commands on the system. NOTE: this is not part of any NGINX software shipped by F5.